Jump to content

Rootkit Issue - Avast asked to delete a rootkit


Recommended Posts

Hi,

Recently my computer came under attack while I was using google drive and google sheets, avast gave me a couple warning about blocked attacks and later said a rootkit was on my computer and prompted whether I wanted to delete it. I clicked yes. I've used MBAR to scan, did full scans with Avast and Boot Scans with Avast and have had no detections, but I wanted to make sure my laptop was truly clear. Thank you for the help!

This is the FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by Marc Tannous (administrator) on MARCTANNOUS-PC (07-03-2017 19:34:21)
Running from C:\Users\Marc Tannous\Desktop
Loaded Profiles: Marc Tannous (Available Profiles: Marc Tannous)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Tobias Erichsen) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Marc Tannous\AppData\Local\FluxSoftware\Flux\flux.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Labtiva Inc.) C:\Users\Marc Tannous\AppData\Local\com.readcube.Desktop\bin\helper\164\ReadCubeTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Labtiva Inc.) C:\Users\Marc Tannous\AppData\Local\Temp\ReadCubeTray64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-13] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-20] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-03-31] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-21] (AVAST Software)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-10-17] ()
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Run: [f.lux] => C:\Users\Marc Tannous\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Run: [ReadCube] => C:\Users\Marc Tannous\AppData\Local\com.readcube.Desktop\application\ReadCube.exe [150800 2013-11-17] ()
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\MountPoints2: {06ff2785-764a-11e4-909e-70188b28b67e} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-21] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-21] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{21926AFD-E739-422E-B174-660FB0D58C09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{589370A3-D338-4EDE-87C6-6EDE8F06B20D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C03CB322-2411-485C-AA10-F7AC3E3677E8}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3622033208-2468118113-1462319251-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3622033208-2468118113-1462319251-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-21] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-20] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-21] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-06-07] (Microsoft Corporation.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-02]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Guest Profile [2014-11-30]
CHR Profile: C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-07]
CHR Extension: (Google Docs) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Google Search) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-02-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Marc Tannous\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-16]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-21] (AVAST Software s.r.o.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-21] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-03-31] (NTI Corporation)
R2 rtpMIDIService; C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [3954832 2015-08-02] (Tobias Erichsen)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309784 2017-02-21] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-21] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-21] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-21] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126088 2017-02-21] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [29432 2017-02-21] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [456456 2017-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [74680 2017-02-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [991496 2017-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337080 2017-02-21] (AVAST Software)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-03-07] (Malwarebytes)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-13] (Synaptics Incorporated)
R3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [41016 2015-07-12] (Tobias Erichsen)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-07 19:34 - 2017-03-07 19:35 - 00023824 _____ C:\Users\Marc Tannous\Desktop\FRST.txt
2017-03-07 19:34 - 2017-03-07 19:34 - 00000000 ____D C:\FRST
2017-03-07 19:33 - 2017-03-07 19:33 - 02423808 _____ (Farbar) C:\Users\Marc Tannous\Desktop\FRST64.exe
2017-03-07 18:35 - 2017-03-07 18:35 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-07 18:27 - 2017-03-07 18:27 - 00000000 ____D C:\Windows\pss
2017-03-07 13:54 - 2017-03-07 13:54 - 19827800 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-03-07 13:11 - 2017-03-07 19:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-07 13:11 - 2017-03-07 18:33 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-07 13:11 - 2017-03-07 13:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-07 13:11 - 2017-03-07 13:11 - 00003912 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-07 13:09 - 2017-03-07 13:09 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Marc Tannous\Desktop\flashplayer24pp_xa_install.exe
2017-03-03 15:14 - 2017-03-01 09:39 - 815017296 _____ C:\Users\Marc Tannous\Desktop\Trim to 5 Minute Video.MOV
2017-03-01 20:43 - 2017-03-01 21:20 - 00019384 _____ C:\Users\Marc Tannous\Desktop\Data Sheet for More Time FCT.xlsx
2017-03-01 13:47 - 2017-03-02 14:38 - 00000000 ____D C:\Users\Marc Tannous\Desktop\Comprehensive Behavior Plan
2017-02-28 20:55 - 2017-02-28 20:55 - 00204295 _____ C:\Users\Marc Tannous\Desktop\Carter et al. (2013).pdf
2017-02-28 20:55 - 2017-02-28 20:55 - 00091744 _____ C:\Users\Marc Tannous\Desktop\Ayres_et_al-2013-MobileTech.pdf
2017-02-28 11:52 - 2017-03-01 07:32 - 00011016 _____ C:\Users\Marc Tannous\Desktop\Self Prompting Sheet for Running Instructional Lesson for FCT.xlsx
2017-02-28 11:40 - 2017-03-06 21:30 - 00000000 ____D C:\Users\Marc Tannous\Desktop\Instructional Programs
2017-02-26 19:53 - 2017-02-26 19:53 - 00121845 _____ C:\Users\Marc Tannous\Desktop\Hoover & Patton, 2008.pdf
2017-02-26 19:52 - 2017-02-26 19:52 - 03432773 _____ C:\Users\Marc Tannous\Desktop\Bateman CH2.pdf
2017-02-26 19:50 - 2017-02-26 19:51 - 01553733 _____ C:\Users\Marc Tannous\Desktop\Bateman CH1.pdf
2017-02-26 17:30 - 2017-02-26 19:58 - 00027696 _____ C:\Users\Marc Tannous\Desktop\UDL data.xlsx
2017-02-26 08:41 - 2017-02-26 08:41 - 00214596 _____ C:\Users\Marc Tannous\Desktop\wintergrass-ticket-3538.pdf
2017-02-25 16:14 - 2017-02-25 16:14 - 01255107 _____ C:\Users\Marc Tannous\Desktop\IEP_Kindergarten_Autism.pdf
2017-02-25 09:25 - 2017-02-25 09:25 - 00018245 _____ C:\Users\Marc Tannous\Desktop\Equal Interval Graph
2017-02-25 09:24 - 2017-02-25 09:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marc Tannous\Desktop\HijackThis.exe
2017-02-24 19:48 - 2017-03-03 07:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-24 19:47 - 2017-03-03 07:30 - 00000000 ____D C:\Users\Marc Tannous\Desktop\mbar
2017-02-24 19:47 - 2017-03-02 20:17 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-24 19:46 - 2017-02-24 19:47 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marc Tannous\Desktop\mbar-1.09.3.1001.exe
2017-02-24 17:51 - 2017-03-07 18:34 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-24 17:51 - 2017-02-24 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-24 17:51 - 2017-02-24 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-24 17:51 - 2017-02-24 17:51 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-24 17:51 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-24 17:47 - 2017-02-24 17:47 - 55566792 _____ (Malwarebytes ) C:\Users\Marc Tannous\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-21 20:30 - 2017-03-07 18:44 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-21 20:30 - 2017-02-21 20:27 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-21 20:30 - 2017-02-21 20:27 - 00309784 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-21 20:30 - 2017-02-21 20:27 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-21 20:30 - 2017-02-21 20:27 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-21 20:29 - 2017-02-21 20:29 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-21 20:27 - 2017-02-21 20:27 - 00029432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-02-21 20:16 - 2017-02-21 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-21 20:15 - 2017-02-21 20:16 - 00000000 ____D C:\Program Files\iTunes
2017-02-21 20:15 - 2017-02-21 20:15 - 00000000 ____D C:\Program Files\iPod
2017-02-21 20:09 - 2017-02-21 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-02-21 20:09 - 2017-02-21 20:09 - 00000000 ____D C:\Program Files\7-Zip
2017-02-17 17:46 - 2017-02-17 17:46 - 00000000 ____D C:\Users\Marc Tannous\Desktop\WPN824v2 Firmware Version 2.0.26 (NA)
2017-02-17 13:30 - 2017-02-17 13:30 - 00000000 ____D C:\Users\Marc Tannous\AppData\Local\{29A98EC7-B61B-4671-84BC-D3837F8689CC}
2017-02-13 16:47 - 2017-02-13 16:47 - 00000000 _____ C:\Windows\SysWOW64\last.dump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-07 18:42 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-07 18:42 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-07 18:35 - 2015-08-15 09:07 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-07 18:34 - 2015-09-20 04:38 - 00436544 _____ C:\Windows\ntbtlog.txt
2017-03-07 18:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-07 18:30 - 2014-01-24 17:21 - 00000000 ____D C:\Users\Marc Tannous\AppData\Roaming\SoftGrid Client
2017-03-07 13:54 - 2013-03-20 05:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-07 13:54 - 2013-03-20 05:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-07 13:54 - 2013-03-20 05:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-07 13:54 - 2013-03-20 05:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-07 13:12 - 2014-04-02 15:31 - 00000000 ____D C:\Users\Marc Tannous\AppData\Local\Adobe
2017-03-07 11:06 - 2014-01-24 16:35 - 00076088 _____ C:\Users\Marc Tannous\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-06 13:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-04 10:05 - 2016-10-02 14:51 - 00000000 ____D C:\Users\Marc Tannous\Desktop\UW Assignments
2017-03-03 09:31 - 2017-01-12 12:51 - 00000352 _____ C:\Windows\BRRBCOM.INI
2017-02-28 07:25 - 2016-01-12 16:36 - 00003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1452645413
2017-02-26 10:00 - 2014-03-31 18:04 - 00000000 ____D C:\Users\Marc Tannous\AppData\Roaming\foobar2000
2017-02-25 11:22 - 2014-01-24 16:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-25 09:52 - 2014-01-24 16:35 - 00000000 ____D C:\Users\Marc Tannous\AppData\Local\VirtualStore
2017-02-24 19:01 - 2014-08-15 15:24 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-24 19:01 - 2014-08-15 15:24 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 18:56 - 2015-05-11 16:10 - 00000000 ____D C:\Users\Marc Tannous\Downloads\Worse things still happen at sea_ the shipping disasters we never hear about _ World news _ The Guardian_files
2017-02-22 18:21 - 2013-03-20 05:14 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 09:53 - 2014-01-24 16:38 - 00000000 ____D C:\Users\Marc Tannous\Documents\Bluetooth Folder
2017-02-22 09:46 - 2015-08-01 13:16 - 00000000 ____D C:\temp
2017-02-22 09:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-21 20:30 - 2014-01-24 16:44 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-02-21 20:29 - 2014-04-22 18:40 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-21 20:29 - 2014-01-24 16:44 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-21 20:29 - 2014-01-24 16:44 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148773781720804
2017-02-21 20:29 - 2014-01-24 16:44 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-21 20:29 - 2014-01-24 16:44 - 00126088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-21 20:29 - 2014-01-24 16:44 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-21 20:29 - 2014-01-24 16:44 - 00074680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-21 20:28 - 2016-01-12 16:04 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-21 20:28 - 2014-01-24 16:44 - 00991496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-21 20:27 - 2016-05-13 14:42 - 00456456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-02-21 20:15 - 2014-04-02 16:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-21 18:31 - 2016-10-29 08:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 09:18 - 2014-03-31 17:41 - 00000000 ____D C:\Users\Marc Tannous\AppData\Local\Apple Computer
2017-02-06 16:30 - 2014-01-24 16:45 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-12-24 09:02 - 2014-12-24 09:02 - 0000100 _____ () C:\Users\Marc Tannous\AppData\Local\fusioncache.dat
2016-09-04 11:54 - 2016-09-04 11:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-08-06 05:49 - 2013-08-06 05:52 - 0002439 _____ () C:\ProgramData\clear.fiSDK20.log
2017-01-08 15:18 - 2017-01-08 15:18 - 0005051 _____ () C:\ProgramData\czchsjpj.srw
2017-01-08 15:18 - 2017-01-08 15:18 - 0000016 _____ () C:\ProgramData\mntemp
2013-08-06 05:52 - 2013-08-06 05:52 - 0000032 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
2016-10-28 20:48 - 2016-10-28 20:49 - 33860328 _____ (Ellora Assets Corporation                                   ) C:\Users\Marc Tannous\AppData\Local\Temp\FreemakeVideoConverterFull.exe
2016-12-14 10:04 - 2016-12-14 10:04 - 0739904 _____ (Oracle Corporation) C:\Users\Marc Tannous\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-03-21 07:12 - 2016-03-21 07:12 - 0736320 _____ (Oracle Corporation) C:\Users\Marc Tannous\AppData\Local\Temp\jre-8u77-windows-au.exe
2017-03-04 13:11 - 2017-03-04 13:11 - 0005632 _____ () C:\Users\Marc Tannous\AppData\Local\Temp\oj975jed.dll
2016-02-28 09:01 - 2017-03-07 18:35 - 0320272 _____ (Labtiva Inc.) C:\Users\Marc Tannous\AppData\Local\Temp\ReadCubeTray64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 13:02

==================== End of FRST.txt ============================

 

This is the addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by Marc Tannous (07-03-2017 19:35:21)
Running from C:\Users\Marc Tannous\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-01-25 00:34:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3622033208-2468118113-1462319251-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3622033208-2468118113-1462319251-1002 - Limited - Enabled)
Guest (S-1-5-21-3622033208-2468118113-1462319251-501 - Limited - Disabled)
Marc Tannous (S-1-5-21-3622033208-2468118113-1462319251-1000 - Administrator - Enabled) => C:\Users\Marc Tannous

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.103 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3507 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adams Guitar (HKLM-x32\...\46D88D6E-2384-4DFA-A02C-7ED5B10234D6) (Version: 1.0 - Adams Guitar)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Anki (HKLM-x32\...\Anki) (Version:  - )
AnyTrans (HKLM-x32\...\AnyTrans) (Version: 5.2.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.103 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-L8850CDW (HKLM-x32\...\{A3C8ED27-D848-441A-AE81-E42E27109558}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1702 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1707 - CyberLink Corp.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.2727_43992 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Duskers (HKLM\...\Steam App 254320) (Version:  - Misfits Attic)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Edthena Video Tool version 1.0.0 (HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\{1EEFC7B0-8DB6-4160-857F-6B547DAF385E}_is1) (Version: 1.0.0 - R3 Collaboratives, Inc.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
f.lux (HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\Flux) (Version:  - )
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
foobar2000 v1.3.1 (HKLM-x32\...\foobar2000) (Version: 1.3.1 - Peter Pawlowski)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Free FLAC Player (HKLM-x32\...\{A1FBD437-D823-4438-A491-5F16B8BE3CFB}) (Version: 1.00.0000 - Media Freeware)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GNU Backgammon (Version 1_05_000, 20150725) (HKLM-x32\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
GoldWave v6.24 (HKLM\...\GoldWave v6.24) (Version: 6.24 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{FD93EB2A-3768-4B16-BDDF-3E2F5667A0A0}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
loopMIDIBlockLegacy (x32 Version: 9.9.9.9 - Tobias Erichsen) Hidden
Magic Assistant (HKLM\...\{45FB1CF2-FEB9-4335-8D35-DA0D1E8EEB6F}) (Version: 1.3.1.14 - Reflex IT)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movavi Video Editor 12 (HKLM-x32\...\Movavi Video Editor 12) (Version: 12.1.1 - Movavi)
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
New Yorker Viewer (HKLM-x32\...\New Yorker Viewer1.0) (Version: 1.0 - The New Yorker)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH)
Penguin version 10 (HKLM-x32\...\{8A01202D-DB75-4C7A-B69D-B63C644FAE25}_is1) (Version: 10 - Dariusz Stachowski)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhoneBrowse 3.2.0 (HKLM-x32\...\{6A4F3A46-FC4A-4B5C-917C-B9BAAB99FE01}}_is1) (Version: 3.2.0 - iMobie Inc.)
PhoneTrans 4.2.5 (HKLM-x32\...\{37823FA5-B4AA-458A-AADA-027A95958911}}_is1) (Version: 4.2.5 - iMobie Inc.)
PhotoTrans 1.8.1 (HKLM-x32\...\{E980ED1F-AOF8-PF7E-B174-59POS2BOIUVB}}_is1) (Version: 1.8.1 - iMobie Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.1 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
ReadCube (HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\...\ReadCube) (Version:  - Labtiva, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
rtpMIDI (HKLM-x32\...\{c6191bca-2915-42ed-a491-fabd9c29c08d}) (Version: 1.1.6.238 - Tobias Erichsen)
rtpMIDI (x32 Version: 1.1.6.238 - Tobias Erichsen) Hidden
rtpMIDIBlockLegacy (x32 Version: 9.9.9.9 - Tobias Erichsen) Hidden
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
teVirtualMIDI64 (Version: 1.2.10.38 - Tobias Erichsen) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ultima 4 - Quest of the Avatar (HKLM-x32\...\GOGPACKULTIMA4FREE_is1) (Version: 2.0.0.19 - GOG.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VASSAL (3.2.13) (HKLM\...\VASSAL (3.2.13)) (Version: 3.2.13 - vassalengine.org)
Video Edit Master (HKLM-x32\...\{35A99221-DAF4-4769-880F-ECC57548FBCC}) (Version: 2.0.0 - Hazem Osman)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VSDC Free Video Editor version 5.5.0.601 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 5.5.0.601 - Flash-Integro LLC)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3622033208-2468118113-1462319251-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc Tannous\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622033208-2468118113-1462319251-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc Tannous\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622033208-2468118113-1462319251-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc Tannous\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3622033208-2468118113-1462319251-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marc Tannous\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12BA9EB1-76F9-4978-8362-790EDF1265C8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1CA8E271-119F-47F9-8385-ADE962FD1DEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {24E53FC3-A000-451F-BC2C-25AE44169137} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-07] (Adobe Systems Incorporated)
Task: {272C8CEC-30AD-404F-A6BD-59CA0E40EAC0} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-03-27] (CyberLink)
Task: {30065E7B-38F1-48D3-AD57-2D53EA568A41} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {4C38CC9E-F257-4E0F-AA05-6FF51FBC72A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {577A7404-2589-4223-92F2-D38CBA75253A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {88386F79-13E0-4BF8-882C-359444C72D2B} - System32\Tasks\SafeZone scheduled Autoupdate 1452645413 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {8D59832B-D25C-42A8-886A-40E7DF3D49E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {9D98291B-6B71-4447-9A53-3D26FB2F78F7} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {B212B35E-F31A-4F09-A6F7-DF7686A78B6B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-03-07] (Adobe Systems Incorporated)
Task: {B8842D8E-B853-4653-9802-D25C095EB370} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-21] (AVAST Software)
Task: {E2557D40-B595-4DB0-B9CF-8412723645DB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Marc Tannous\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-24 17:51 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-21 20:28 - 2017-02-21 20:28 - 00162600 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-02-21 20:29 - 2017-02-21 20:29 - 00792656 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2013-03-20 05:21 - 2012-03-26 16:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-28 20:49 - 2016-10-17 15:05 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-02-21 20:29 - 2017-02-21 20:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-07 11:13 - 2017-03-07 11:13 - 05883904 _____ () C:\Program Files\AVAST Software\Avast\defs\17030705\algo.dll
2017-02-21 20:29 - 2017-02-21 20:29 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-03-31 14:08 - 2012-03-31 14:08 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-03-31 14:08 - 2012-03-31 14:08 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-03-31 14:08 - 2012-03-31 14:08 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-07-16 05:00 - 2016-07-16 05:00 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-21 20:27 - 2017-02-21 20:27 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-01-12 10:58 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2016-05-12 10:18 - 2016-05-12 10:18 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2013-03-20 05:03 - 2012-02-01 15:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-06 05:31 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-02-06 16:30 - 2017-02-01 01:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 16:30 - 2017-02-01 01:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3622033208-2468118113-1462319251-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marc Tannous\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C1CD171D-A63C-435D-AE96-51D916E7F7F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{80008F5E-F97E-4019-8D4F-A239295B2186}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F62E8827-1FE2-48F7-A4A7-25B890382D6F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{48B824D0-D460-42BD-AAAF-67570FD7B2B6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{01F35C41-2479-4BDA-859B-FFDBA38C51A7}] => (Allow) LPort=2869
FirewallRules: [{43161D11-D7EC-427A-BFD3-F39D619427C9}] => (Allow) LPort=1900
FirewallRules: [{78A1B605-1440-436D-9FE2-5D87EAA96EE7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5D65ABFE-431C-4AC6-8BAC-11A9728AA4DF}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B5A6CFDD-45F1-4AAE-8381-79B13A062953}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{16E96122-9EF7-4AC4-B49F-07E9FF6CA0D8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{5631556E-D0B0-47F6-97D9-9224F13692BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{D7FF6D6C-65E5-4EF3-B2C2-F562D3B50905}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{AD86EF88-36A0-4390-9E04-C0D9AE3339B6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{3602A412-EB0C-427C-8FAB-653E183F08D0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{4791EA40-C024-477A-A7C4-14139E5154AF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5BAECA65-58DA-4525-8292-F41987940FC9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{53FF7233-D2CD-4636-A557-489E826544C0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\Movie\PlayMovie.exe
FirewallRules: [{277CC04F-A8E6-4CB1-B636-3102B56CC90E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{9D4FA8DD-CE87-4015-8382-DDD21EBE1574}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{C6AA5C6F-D92F-4706-A3CD-9EAC2E6364A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{82DA2B85-C718-45B4-8F75-8532089338DA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{79B21130-5843-4A93-A6A7-5E9AE144FFFF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{AE15B31A-3E5F-464E-BB38-ED7034F31B1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{676133B4-F2F1-4B1D-ABF2-CB22BEF50DDE}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{63650D47-3E68-44F1-93FE-B219E8D7F00C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{C45BC583-227B-4A30-9D23-0ACDB9927CB2}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{5EC11A12-993A-450B-A43B-AFFEE4031980}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{1E1D22A5-BE6D-49BE-9771-40EA21241799}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{4B91C5F1-6F27-47E2-AFD0-BBB3BC077999}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{40DFB97C-8EAF-4196-B355-CE5B4E8544D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F8C53766-B469-42CF-9186-FD43AD01DCB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{0E5C813B-EF59-44E6-A73A-F62F3A605827}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8CECE56C-29E8-4AAF-AC43-F867BC0EDF82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1702590D-8424-4A46-ABA6-486224054E47}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6C6C61C5-AE2C-4D60-BC24-66F17B7F3D4D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6152C63A-1863-4FF5-822B-06008EFFC21A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{AD39A0A4-CD1D-409B-A4CE-B7669AAF9888}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E4A06EF7-2032-40C0-89E6-4C1C7916A017}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7D8CCAE5-2928-4137-9753-179233CE2438}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7B36C2BC-C286-47F8-A3E8-BEE402A9800D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{64593FA8-E47E-442F-9C04-9982D6CBCF38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duskers\Duskers.exe
FirewallRules: [{1B906CFE-5647-4366-A1AC-9B5A8C840B5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duskers\Duskers.exe
FirewallRules: [{A46E1F68-DF3C-439C-B5C6-24310F047FD4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DEAE1926-D4A8-4F4D-B13A-41FD5E0D30A3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B62BC9E9-B038-4346-A46C-2B1E8F8CFAD7}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{F44C97D8-47A7-4794-9EC8-7E1067D5790B}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{66DE124D-5070-424A-86E8-47527346741E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3E2F5576-7D64-4AF2-9317-017BA8766B74}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{12EF0393-5951-44DE-898D-0985AC8FC7DE}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{951CF58E-4B2C-4839-B84E-75D848DA525D}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{5BEFB1AA-EABC-496A-8621-0188958C19D9}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C89AB493-23E4-409A-8438-E1508ABCE40E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{C19CB9B7-88C9-468D-BE06-1409B8CCC687}] => (Allow) C:\Users\Marc Tannous\AppData\Local\Temp\7zS38E2\HP.EasyStart.exe
FirewallRules: [{D547225D-F95F-43DD-9AC3-117D423005F0}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe
FirewallRules: [{031469FB-D59D-40FB-856B-C292BAAB21EE}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe
FirewallRules: [{332C817C-7DA9-453B-85BD-2A12FB35F185}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe
FirewallRules: [{2F288DE9-0BDF-4500-B899-9F5D3E9B1B56}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe
FirewallRules: [{49EC2019-0771-4BBC-B394-C93900201F2E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe
FirewallRules: [{843DE9F1-04A5-4A3C-930C-B51E2AF453CA}] => (Allow) LPort=5357
FirewallRules: [{6E42B1F9-47A3-4594-9C69-52D7E603510C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C2EBA7FE-EE84-407E-99A3-08C6B2807FDB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{6C8F3A8A-B1A1-49AE-8B0A-F84109B92A36}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{E0E49185-6B46-48D7-A265-A04171AF9E23}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{6379D07D-6D7E-4DD3-8838-BB360FF2567E}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{94C8CE60-B5C9-4814-A6FD-87353E618CB7}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{AEBF32AA-68CD-4679-8DEE-D65F82A55BD9}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Activation.exe
FirewallRules: [{B87B5BDF-BDB0-4420-9664-F02785885847}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{CEBEB7C9-7BAC-48F2-A627-1DA0E35FB199}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{7002B960-3872-42DE-9C0A-295D9D945ED5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{CD261715-8DC6-4B84-BDBF-0EAD544E9100}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{FA39C334-E6AF-4240-8F20-3D861D5069FB}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{A09A6AF3-434D-48A8-8985-75A5521D732A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{758C6EFF-BB39-4B46-9D3A-100B7D6B0A2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3CE333AD-1D51-4C16-89DD-A1D309681BDA}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B9ECB613-8A71-469D-85AC-DAA6E762DB72}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{7B16EE33-1C80-4C1F-A99A-AAB3272F0A96}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{D5136432-28AE-4B59-BAE0-66064FD5A3B3}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B4B239D3-8FB9-4FA3-9E5B-F277B838F7C1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{491F1353-919D-4F1E-B2A2-1A7D8FA4BF45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A07B278-26D0-4038-973A-68A0C62FE761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1300EE8D-440C-412E-AB1C-175316B02D1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{535723E3-BDF7-4045-A676-CF75F4EA730A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{60EB8FD2-2CE3-467C-85B4-C3FB3698151E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{82BC050F-3078-4334-9914-6A1D60634565}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{8313F583-F201-4BB3-BB80-3794C18F69D2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{EAE5742F-C256-4203-80FC-72EEDE124C72}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{D9700431-EA91-4E9D-A104-599778DD8977}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{762E2583-734E-478A-8846-C1C12581E0B2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{3D91CDF8-1039-4A50-91AD-20CBF3C4DA51}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{5E900344-5F1C-4DE1-863E-EF8956029106}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{E75A85E2-440C-420C-A65C-D54AC6B2AA59}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{9C8B21A4-0B6E-4B5C-8ECD-776624E1E073}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{CF9DF258-9A2C-4049-80A8-CCE211B711D5}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B7101457-5102-47E9-BC8C-8A124E6D70D1}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{130B00FE-5570-458D-9B77-66C09CE8C531}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{639CB9D5-D1B5-4757-A909-BC57F6FC4A21}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B3505E91-00D9-42F8-B9B5-8738DCC15793}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B1A8C207-3B7A-45BB-ADBD-F41201AB2EED}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{3DDD9006-2CDC-4EDD-8F36-43F8C68CC94E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{FBB9275E-56DE-45CA-99C3-31B96431247F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{06DDBDD7-F787-4E6B-AEE0-96FA4E46D6D4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0C3CBDFA-A40B-4552-BC73-F0FB87343137}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1C819FE7-4DC2-4599-B49A-106AEB83F932}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{34A84E03-84B1-4AB6-AE31-C0186AAC6431}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{2821DC17-6B5B-4858-8C0B-0A0CD48BDE38}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{B4B2D76A-317B-4BA5-8668-DEA6181AB721}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{35E7241B-6FA2-4A72-8071-78D9D58CAE8E}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{8349120B-7346-4B0E-908B-D8973643406A}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{85090703-7633-4D7B-800E-19F0CEE7B7C4}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{BD351271-6A19-48CB-814A-1F4AB9BFFC32}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{76109EE8-532B-4588-A42C-5C036EDCF2AE}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0A562B07-624E-4CCA-8FE1-29053310C122}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{0490A12B-025D-4C59-B25C-658209D10656}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{03DABED7-D346-4A9A-B3A8-420F46657A35}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{45B94396-2096-4E7B-BB4C-14A11994318D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{5F49F715-2343-4A40-ABE0-43BE1B3F678F}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{A197DD35-7A07-4606-87B9-99FB3480C7EF}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{DF3C25EE-1922-4C43-8617-CD7049391CA6}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{901CEDEC-30AD-4404-AA54-98D540489E28}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
FirewallRules: [{10999C54-BF86-486A-8A2F-54029002161C}] => (Allow) C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe

==================== Restore Points =========================

15-10-2016 15:35:26 Scheduled Checkpoint
16-10-2016 07:50:25 Windows Update
18-10-2016 19:17:44 Windows Update
20-10-2016 06:35:56 Quik
20-10-2016 06:43:21 Windows Modules Installer
21-10-2016 19:50:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
21-10-2016 20:09:37 Installed Video Edit Master
30-10-2016 16:29:29 Scheduled Checkpoint
04-11-2016 16:59:51 Removed HP OfficeJet Pro 8710 Basic Device Software
04-11-2016 17:00:51 Quik
04-11-2016 17:47:01 Quik
04-11-2016 17:52:41 Windows Modules Installer
09-11-2016 07:08:11 Windows Update
11-11-2016 19:29:38 Windows Update
21-11-2016 15:03:21 Scheduled Checkpoint
08-12-2016 17:02:20 Scheduled Checkpoint
10-12-2016 13:30:59 Installed DaVinci Resolve
10-12-2016 14:04:27 Installed QuickTime 7
14-12-2016 03:00:42 Windows Update
21-12-2016 09:22:32 Scheduled Checkpoint
26-12-2016 11:25:28 Removed DaVinci Resolve
26-12-2016 11:28:18 Quik
02-01-2017 18:31:09 Scheduled Checkpoint
08-01-2017 15:40:18 Installed Apple Mobile Device Support
08-01-2017 15:44:27 Installed Apple Application Support
12-01-2017 08:00:36 Windows Update
12-01-2017 10:58:08 Installed Brother Software Suite
12-01-2017 12:52:09 Device Driver Package Install: Brother Printers
15-01-2017 08:06:47 Installed iCloud
23-01-2017 20:31:46 Scheduled Checkpoint
31-01-2017 16:19:37 Scheduled Checkpoint
11-02-2017 15:10:23 Scheduled Checkpoint
21-02-2017 20:30:45 Device Driver Package Install: Avast Network Service
24-02-2017 19:00:39 Windows Update
04-03-2017 13:12:48 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2017 07:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2438873

Error: (03/07/2017 07:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2438873

Error: (03/07/2017 07:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2017 06:44:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (03/07/2017 06:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/07/2017 05:50:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

Error: (03/07/2017 05:50:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7005

Error: (03/07/2017 05:50:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/07/2017 04:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2045236

Error: (03/07/2017 04:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2045236


System errors:
=============
Error: (03/07/2017 06:34:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/07/2017 06:31:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (03/07/2017 06:31:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {D0904ECD-CC91-11E4-BAB1-D4BED9D4D463} did not register with DCOM within the required timeout.

Error: (03/07/2017 06:28:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {D0904ECE-CC91-11E4-B4BB-D4BED9D4D463} did not register with DCOM within the required timeout.

Error: (03/07/2017 02:19:16 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2607:fb90:278a:2954:dc44:523e:6132:2f92 with the system
having network hardware address 00-15-FF-D0-DC-2D. Network operations on this system may
be disrupted as a result.

Error: (03/07/2017 07:38:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/06/2017 07:46:35 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user MarcTannous-PC\Marc Tannous (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (03/06/2017 05:21:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/06/2017 04:53:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/06/2017 04:18:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswbIDSAgent service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2016-08-12 08:42:49.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 08:42:49.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 05:40:58.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 05:40:58.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-08 15:56:55.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-08 15:56:55.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 07:56:43.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-07 07:56:43.473
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 19:31:13.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-02 19:31:13.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 62%
Total physical RAM: 3934.36 MB
Available physical RAM: 1490.63 MB
Total Virtual: 7866.89 MB
Available Virtual: 5109.36 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:49.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC2A7643)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thanks again.

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Oh I forgot or got to mention, I scanned with Malwarebytes but it kept getting locked around 70,000 files so i created custom scans and did each element of the full scan one at a time. The Avast scan also got stuck until I did custom scans. All had zero positives. My computer locked a few times as well - hard to know if any of that is related.

 

 

Link to post
Share on other sites

Hello BitBot and :welcome: Forum.

I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please DO NOT run any tools on your own and follow the directions in the order listed.

Make sure to run all the tools with Administrator previligies.

With that being said, let's start.


iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file.
  • Right-click on the FRST64 executable and select Spcusrh.pngRun as Administrator;
  • Click on the Fix button;
    NYA5Cbr.png
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

 

0isDeWa.pngMalwarebytes Anti-Malware - Clean Mode

  • Open Malwarebytes;
  • On the left pane select Settings and then select Protection tab;
  • Scroll down to Scan Options, ensure Scan for Rootkits and Scan within Archives are both on;
  • Go back to DashBoard and select the blue Scan Now tab;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;

 

zcMPezJ.pngAdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    MV5ejgW.png
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

 

iT103hr.pngJunkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator;
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits: BleepingComputer.com and Aura
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

 

To summarize, in your next reply please post the entire contents of:

  • fixlog.txt produced by FRST;
  • Malwarebytes clean log;
  • AdwCleaner clean log;
  • JRT log;

Also let me know how is the computer running.

fixlist.txt

Edited by Android8888
To attach the file fixlist.txt
Link to post
Share on other sites

Hi Android8888! So I've run into trouble using the Malwarebytes scan - I can only complete scans if I select fewer elements, like just scanning for rootkits without archives clicked, or doing a non-rootkit scan. Also the scanner gets stuck whenever I try to include archives. I'm completing the other scans/fixes in the meanwhile. I've had the same difficulty with my Avast scan (before my initial post.)

 

Thanks again for your help!

Edited by BitBot
typos
Link to post
Share on other sites

Hello BitBot.

On 12/03/2017 at 7:37 PM, BitBot said:

I'm completing the other scans/fixes in the meanwhile.

Please let me know if you were able to run the FRST fix and the other scans.

Thank you.

Link to post
Share on other sites

Hi BitBot.

The fix removed about 36 GBytes of temporary data.

Now let's run a scan with RogueKiller. I need to see its log.

NOTE: DO NOT fix or remove anything it found. Just post the entire content of the scan log for my review.

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time consuming.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please copy and paste the contents of RKlog.txt to your next reply.

How is the computer running at this point?

Link to post
Share on other sites

Here is the scan! My computer has actually been running fairly normally - after the initial incident it seemed to be freezing a lot or having trouble shutting down but it's been running smooth for past week and a half. I've had an issue where the it sometimes doesn't recognize that the battery is charged, but that is likely not related.

Thanks!

RogueKScan.txt

Link to post
Share on other sites

The entries in the RogueKiller log are not malware related nor is the battery issue.

Now please perform a scan with ESET Online Scanner to search for leftovers of infection that may have been left in your system.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Re-enable your antivirus program.

Please post the ESET log (if it produced one). Are there more issues or concerns with the computer?

Link to post
Share on other sites

Hello BitBot.

Now your computer appear to be free of malware.

You can run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

 

If the computer is running well, you can now delete the tools that were used in the malware removal process. Please proceed as follow:

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator;
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentionned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Link to post
Share on other sites

Hi Android8888, sorry for the interruption! So I used FileHippo and updated my files, and then ran DelFix - only catch is I closed the .txt before I copy and pasted and then realized the file hadn't auto saved on my desktop. The log, before it vanished, listed the software you had me download and Hijackthis as removed, and cleared a familiar list of restore points. I made sure to select all the boxes including the registry backup before running.

Things are looking good!

Link to post
Share on other sites

Hi BitBot.

Things are looking good!


I'm glad everything is good now. :)


To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your AntiVirus program up-to-date.

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Keep Malwarebytes Anti-Malware (MBAM) update and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to Adobe Flash Player, Adobe Reader, Java and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.


Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here


For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:

How did I get infected in the first place

Answers to common security questions - Best Practices


Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. :cool:

Android8888.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.