Jump to content

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Owner (administrator) on OWNER-PC (24-06-2016 23:57:36)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7405752 2016-06-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [1173184 2016-05-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\MountPoints2: G - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\MountPoints2: {2210640d-8438-11e3-a6b9-001bdc0f9f99} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\MountPoints2: {c0ac8ec1-21bb-11e0-a0b4-001bdc0f9f99} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\Winter.scr [3247415 2009-04-30] ()
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-01] (AVAST Software)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09E3FD82-BF74-4B02-8CA7-AEFDC075918B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-202087676-3094543619-1347356524-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE07&ocid=UE07DHP
SearchScopes: HKLM-x32 -> {93373549-197D-4AE3-B685-E443F665D9B7} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKU\S-1-5-21-202087676-3094543619-1347356524-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-202087676-3094543619-1347356524-1005 -> {6E700425-8EFE-4D85-9EA6-96EA56B7B8BF} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-202087676-3094543619-1347356524-1005 -> {93373549-197D-4AE3-B685-E443F665D9B7} URL = hxxp://www.dogpile.com/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q={searchTerms}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-10-15] (AVG Technologies CZ, s.r.o.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-01] (AVAST Software)
BHO-x32: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-10-15] (AVG Technologies CZ, s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-01] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-01] (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5xeyublm.default-1433262589776
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-25] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-07] (Apple Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5xeyublm.default-1433262589776\searchplugins\google-avast.xml [2015-06-16]
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 => not found
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-04]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-01] (AVAST Software)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6210; C:\Windows\System32\DRIVERS\A6210.sys [2208984 2014-06-20] (Ralink Technology Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-01] (AVAST Software)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 C751BUS; C:\Windows\System32\DRIVERS\C751BUS.sys [69848 2010-01-14] (DEVGURU Co., LTD.)
S3 C751Mdm; C:\Windows\System32\DRIVERS\C751Mdm.sys [177368 2010-01-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 C751Vsp; C:\Windows\System32\DRIVERS\C751Vsp.sys [177368 2010-01-14] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 LVRS64; system32\DRIVERS\lvrs64.sys [X]
S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folder
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-25 00:03 - 2015-08-15 08:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-24 23:42 - 2015-08-05 22:39 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-24 23:33 - 2015-09-08 18:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-24 22:00 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-24 22:00 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-24 21:17 - 2015-09-08 18:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-24 21:16 - 2015-09-01 10:18 - 00000686 _____ C:\Windows\Tasks\ParetoLogic Internet Security Startup.job
2016-06-24 21:16 - 2015-09-01 10:17 - 00000494 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-06-24 19:33 - 2010-01-06 00:31 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ABDE6E16-862D-4F49-B4D0-6511FE5CA11D}
2016-06-24 19:25 - 2016-05-01 11:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-24 19:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-23 15:12 - 2015-09-08 18:55 - 00002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-23 14:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-18 23:46 - 2012-02-12 17:53 - 00000000 ____D C:\Windows\pss
2016-06-18 22:36 - 2009-07-14 00:45 - 00431680 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-18 22:22 - 2013-08-26 00:26 - 00000000 ____D C:\Windows\system32\MRT
2016-06-18 22:12 - 2010-01-31 09:08 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 13:24 - 2015-06-03 11:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 22:22 - 2011-08-06 09:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2016-06-09 21:59 - 2009-07-14 01:13 - 00858402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-06 12:39 - 2010-01-25 07:56 - 00000000 ____D C:\Windows\Downloaded Installations
2016-06-06 12:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-08-05 15:45 - 2015-08-05 15:45 - 6420480 _____ () C:\Program Files (x86)\GUT6118.tmp
2015-10-04 22:51 - 2015-10-23 08:10 - 0000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt
2013-04-13 13:22 - 2015-05-12 14:24 - 0011264 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-31 15:07 - 2010-10-31 15:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

ZeroAccess:
C:\Users\Owner\AppData\Local\{5fa9ebcb-d59b-f11e-a907-9d2dab537bf4}
C:\Users\Owner\AppData\Local\{5fa9ebcb-d59b-f11e-a907-9d2dab537bf4}\@

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. 
dll
2016-06-16 15:48 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-16 15:48 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-16 15:48 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-16 15:48 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-16 15:48 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-16 15:48 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-16 15:48 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-16 15:48 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-16 15:48 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-16 15:48 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-16 15:48 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-16 15:48 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-16 15:48 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-16 15:48 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-16 15:48 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-16 15:48 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-16 15:47 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-16 15:47 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-16 15:47 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-16 15:47 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-16 15:47 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-16 15:47 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-16 15:47 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-16 15:47 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-16 15:47 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-16 15:47 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-16 15:47 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-16 15:47 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-16 15:43 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-16 15:43 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-16 15:43 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-16 15:43 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-16 15:43 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-16 15:43 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-16 15:43 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-16 15:43 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-16 15:43 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-16 15:43 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-16 15:43 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-16 15:43 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-16 15:43 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-16 15:43 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-16 15:43 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-16 15:43 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-16 15:43 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-16 15:43 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-16 15:43 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-16 15:43 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-16 15:43 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-16 15:43 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 15:43 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-16 15:43 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 15:43 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-16 15:43 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-16 15:43 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-16 15:43 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-16 15:43 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-16 15:43 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-16 15:43 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-16 15:43 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-16 15:43 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-16 15:43 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-16 15:43 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-16 15:43 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-16 15:43 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-16 15:42 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-16 15:42 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-16 15:42 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-16 15:42 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-16 15:42 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-16 15:42 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-16 15:42 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-16 15:42 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-16 15:42 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-16 15:42 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-16 15:42 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-16 15:42 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-16 15:42 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-16 15:42 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-16 15:42 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-16 15:42 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-16 15:42 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-16 15:42 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-16 15:42 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-16 15:42 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-16 15:42 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-16 15:42 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-16 15:42 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-16 15:42 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-16 15:42 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-16 15:42 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-16 15:42 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-16 15:42 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-16 15:42 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-11 22:41 - 2016-06-11 22:41 - 00787219 _____ C:\Users\Owner\Downloads\Dockage Direct Debit.jpeg
2016-06-10 12:18 - 2016-06-10 12:18 - 04910664 _____ C:\Users\Owner\Downloads\customerservice@converselabs.com_20160606_083940.pdf
2016-06-08 11:33 - 2016-06-08 11:33 - 00000050 _____ C:\Users\Owner\Desktop\YouTube.url
2016-06-06 12:37 - 2016-06-06 12:38 - 81715023 _____ C:\Users\Owner\Downloads\A6210_v1.0.0.34.zip
2016-06-06 12:06 - 2016-06-23 14:21 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-06-04 23:13 - 2016-06-04 23:14 - 00000000 ____D C:\Users\Owner\Downloads\Why You Will Marry the Wrong Person - The New York Times_files
2016-06-04 23:13 - 2016-06-04 23:13 - 00430124 _____ C:\Users\Owner\Downloads\Why You Will Marry the Wrong Person - The New York Times.html
2016-06-04 22:57 - 2016-06-04 22:57 - 00020253 _____ C:\Users\Owner\Downloads\invoice_2697_from_Douglas Family Dive Services.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-25 00:03 - 2015-08-15 08:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-24 23:42 - 2015-08-05 22:39 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-24 23:33 - 2015-09-08 18:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-24 22:00 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-24 22:00 - 2009-07-14 00:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-24 21:17 - 2015-09-08 18:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-24 21:16 - 2015-09-01 10:18 - 00000686 _____ C:\Windows\Tasks\ParetoLogic Internet Security Startup.job
2016-06-24 21:16 - 2015-09-01 10:17 - 00000494 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-06-24 19:33 - 2010-01-06 00:31 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{ABDE6E16-862D-4F49-B4D0-6511FE5CA11D}
2016-06-24 19:25 - 2016-05-01 11:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-24 19:24 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-23 15:12 - 2015-09-08 18:55 - 00002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-23 14:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-18 23:46 - 2012-02-12 17:53 - 00000000 ____D C:\Windows\pss
2016-06-18 22:36 - 2009-07-14 00:45 - 00431680 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-18 22:22 - 2013-08-26 00:26 - 00000000 ____D C:\Windows\system32\MRT
2016-06-18 22:12 - 2010-01-31 09:08 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-16 13:24 - 2015-06-03 11:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 22:22 - 2011-08-06 09:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ZoomBrowser EX
2016-06-09 21:59 - 2009-07-14 01:13 - 00858402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-06 12:39 - 2010-01-25 07:56 - 00000000 ____D C:\Windows\Downloaded Installations
2016-06-06 12:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-08-05 15:45 - 2015-08-05 15:45 - 6420480 _____ () C:\Program Files (x86)\GUT6118.tmp
2015-10-04 22:51 - 2015-10-23 08:10 - 0000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt
2013-04-13 13:22 - 2015-05-12 14:24 - 0011264 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-31 15:07 - 2010-10-31 15:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

ZeroAccess:
C:\Users\Owner\AppData\Local\{5fa9ebcb-d59b-f11e-a907-9d2dab537bf4}
C:\Users\Owner\AppData\Local\{5fa9ebcb-d59b-f11e-a907-9d2dab537bf4}\@

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-01 00:23

==================== End of FRST.txt ============================

LastRegBack: 2016-05-01 00:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Owner (2016-06-25 00:19:57)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-23 13:57:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-202087676-3094543619-1347356524-500 - Administrator - Disabled)
ASPNET (S-1-5-21-202087676-3094543619-1347356524-1004 - Limited - Enabled)
Guest (S-1-5-21-202087676-3094543619-1347356524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-202087676-3094543619-1347356524-1007 - Limited - Enabled)
Owner (S-1-5-21-202087676-3094543619-1347356524-1005 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
AVG 2012 (Version: 12.0.4235 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version:  - )
Canon MX330 series User Registration (HKLM-x32\...\Canon MX330 series User Registration) (Version:  - )
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CHMC USB Driver V1.0.0 (HKLM-x32\...\{DB3B13A3-99B2-4C13-9DA0-221162675047}) (Version: 1.0.0 - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Easy Phone Sync (HKLM-x32\...\{A33EB00C-AE4D-46DC-83DA-1FBFE2D1E71C}) (Version: 64 - Media Mushroom Limited)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
ImTOO Movie Maker 6 (HKLM-x32\...\ImTOO Movie Maker 6) (Version: 6.6.0.20120823 - ImTOO)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office Accounting Equifax Addin (HKLM-x32\...\{8C711818-076E-475C-B95B-DF11CD9D8DBE}) (Version: 2.0.7416.00 - Microsoft Corporation)
Microsoft Office Accounting Fixed Asset Manager (HKLM-x32\...\{46614A49-222A-48EF-87A9-BFD603E608E1}) (Version: 2.0.7416.00 - Microsoft Corporation)
Microsoft Office Accounting PayPal Addin (HKLM-x32\...\{353D20CC-719B-4A60-AD33-D03F88C10330}) (Version: 2.0.7416.00 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM-x32\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-202087676-3094543619-1347356524-1005\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{24190661-2122-40D1-9F7C-8FDEA5AE4197}) (Version: 4.6.0 - Microsoft Corporation)
mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nemo PDF To Word (HKLM-x32\...\{6CA8C09B-FA99-49FE-9664-1CE823FAD510}_is1) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211) (Version: 1 - Microsoft Corporation)
Vipre (x32 Version: 6.1.5496 - Vipre) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VZAccess Manager (HKLM-x32\...\{2B1753D0-728F-442D-9521-8994EBE3B7AB}) (Version: 7.4.3.4 - Smith Micro Software Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinTools.net Professional version 13.0 (HKLM-x32\...\{7FFFD2AE-950E-4BD1-AF7C-32E6CC15F481}_is1) (Version: 13.0 - WinTools Software Engineering, Ltd.)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Internet Security Startup.job => C:\Program Files (x86)\ParetoLogic\ParetoLogic Internet Security\ParetoLogic Internet Security.exe/minimize /unelevate C:\Program Files (x86)\ParetoLogic\ParetoLogic Internet Security\ParetoLogic Internet Security.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-202087676-3094543619-1347356524-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LVPrcS64 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: NetgearSwitchUSB => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: vds => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: iLivid => 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: vProt => 
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{11E0CD15-91F7-46C0-BABA-9A277E19B055}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C40F4725-63E8-4532-8288-F94A361BAFA4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{F2C7F117-C6C8-41A5-8604-305E612667D7}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{B76E68C9-D0C1-4615-9699-43C5A4936D8E}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{D0D27DAB-CCD7-4D7F-BB9B-21CA5557B3C0}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{E0BD25DB-F74A-4FBC-B794-92FF6B4AE28A}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{F358B542-27EF-4DC7-82B1-C8310058F94B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{3536E386-E05C-43C3-8380-22A18517BF60}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8CAAC2C7-51E0-4F6E-87AB-4270CEC1878E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-08-2015 08:50:19 avast! antivirus system restore point
16-08-2015 00:11:02 Windows Update
16-08-2015 00:36:15 Removed Bonjour
16-08-2015 00:37:27 Removed DraftSight x64.
19-08-2015 09:07:26 Windows Update
20-08-2015 03:00:53 Windows Update
25-08-2015 17:43:04 Windows Update
28-08-2015 22:59:39 Windows Update
01-09-2015 10:46:46 avast! antivirus system restore point
08-09-2015 22:21:42 Windows Update
09-09-2015 14:50:03 Windows Update
19-09-2015 06:17:37 Scheduled Checkpoint
30-09-2015 20:11:41 Scheduled Checkpoint
21-10-2015 00:51:18 Windows Update
25-10-2015 19:48:03 Removed iCloud
02-11-2015 12:29:05 Scheduled Checkpoint
10-11-2015 19:08:36 Scheduled Checkpoint
10-11-2015 23:02:40 Windows Update
12-11-2015 22:40:29 Windows Update
20-11-2015 07:02:58 Scheduled Checkpoint
01-12-2015 17:00:05 Scheduled Checkpoint
09-12-2015 21:17:46 Scheduled Checkpoint
10-12-2015 02:02:17 Windows Update
17-12-2015 11:02:11 Scheduled Checkpoint
30-04-2016 14:02:10 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
30-04-2016 14:03:49 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
30-04-2016 17:26:25 Windows Update
30-04-2016 20:24:55 Windows Update
01-05-2016 10:35:39 Removed QuickTime 7
06-05-2016 20:46:36 Windows Update
11-05-2016 12:42:38 Windows Update
11-05-2016 21:09:58 Windows Update
12-05-2016 18:56:40 Windows Update
13-05-2016 10:04:39 Windows Update
25-05-2016 16:20:59 Windows Update
31-05-2016 18:46:14 Windows Update
03-06-2016 18:55:10 Windows Update
07-06-2016 11:05:11 Windows Update
16-06-2016 15:40:45 Windows Update
18-06-2016 22:01:50 Windows Update

==================== Faulty Device Manager Devices =============

Name: Communications Port (COM4)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot determine the settings for this device. Consult the documentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2016 02:34:52 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/19/2016 03:09:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e90

Start Time: 01d1ca5d59be6f4b

Termination Time: 8568

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/19/2016 03:04:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e88

Start Time: 01d1ca5cf86dedac

Termination Time: 597

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/19/2016 03:02:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 114c

Start Time: 01d1ca5a94f5ad56

Termination Time: 1350

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/18/2016 10:23:03 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Compatibility Pack for the 2007 Office system -- Error 1704. An installation for Adobe Acrobat Reader DC is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (06/12/2016 07:44:33 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/10/2016 12:27:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042319).

Error: (06/07/2016 10:52:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 65c

Start Time: 01d1c0cc0d90beca

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: 61deb6cb-2cbf-11e6-8284-002421b4f95f

Error: (06/06/2016 12:06:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/30/2016 09:30:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 664

Start Time: 01d1badbec022de8

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id: 4b7cb958-26cf-11e6-b6a5-002421b4f95f


System errors:
=============
Error: (06/24/2016 07:27:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AntiMalware service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (06/24/2016 07:24:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (06/24/2016 01:54:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AntiMalware service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (06/24/2016 01:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (06/24/2016 01:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:42:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:42:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:42:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


mentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2016 02:34:52 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/19/2016 03:09:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e90

Start Time: 01d1ca5d59be6f4b

Termination Time: 8568

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/19/2016 03:04:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e88

Start Time: 01d1ca5cf86dedac

Termination Time: 597

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/19/2016 03:02:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 114c

Start Time: 01d1ca5a94f5ad56

Termination Time: 1350

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/18/2016 10:23:03 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Compatibility Pack for the 2007 Office system -- Error 1704. An installation for Adobe Acrobat Reader DC is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (06/12/2016 07:44:33 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (06/10/2016 12:27:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042319).

Error: (06/07/2016 10:52:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 65c

Start Time: 01d1c0cc0d90beca

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: 61deb6cb-2cbf-11e6-8284-002421b4f95f

Error: (06/06/2016 12:06:35 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/30/2016 09:30:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 664

Start Time: 01d1badbec022de8

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id: 4b7cb958-26cf-11e6-b6a5-002421b4f95f


System errors:
=============
Error: (06/24/2016 07:27:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AntiMalware service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (06/24/2016 07:24:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (06/24/2016 01:54:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AntiMalware service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (06/24/2016 01:51:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (06/24/2016 01:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:47:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:42:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:42:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.


Error: (06/24/2016 01:42:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3062.3 MB
Available physical RAM: 952.71 MB
Total Virtual: 6122.79 MB
Available Virtual: 4124.88 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:257.6 GB) (Free:65.88 GB) NTFS
Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:34.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 83BC4734)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=257.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU E3200 @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 3062.3 MB
Available physical RAM: 952.24 MB
Total Virtual: 6122.79 MB
Available Virtual: 4122.24 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:257.6 GB) (Free:65.88 GB) NTFS
Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:34.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 83BC4734)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=257.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Hello JTM4787 and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also let me know if there are any remaining issues or concerns..

Thank you,

Kevin....

Fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.