Infected with Adware from CamStudio


  • This topic is locked
7 replies to this topic

#1 IronicCatalyst

  • Members
  • 4 posts

Posted 07 March 2016 - 02:29 PM

JUST REALISED THIS WAS A DOUBLE POST, MY BAD.
I was trying to look for an alternative to Camtasia and stumbled upon the dreaded CamStudio. I downloaded it without a doubt in an attempt to finish a project I've been working on. I looked it up while it was downloading and discovered that it was a definite adware. I then noticed suspicious extensions such as Google to Yahoo engine and a Palinka extension. I quickly uninstalled the file along with other suspicious files, ran a quick scan where Avast caught at least 1 adware (not sure if that's the correct terminology), cleaned my extensions, and ran AdwCleaner. Just wanting to make sure, am I safe now or is there still more to it, since I read somewhere that adware started popping up after a few weeks? Just found this site and it looks like a good community :D. Thanks in advance to those willing to help out.
 
Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Mel Pepper (administrator) on MELPepper (08-03-2016 03:10:16)
Running from C:\Users\Mel Pepper\Downloads
Loaded Profiles: Mel Pepper (Available Profiles: Mel Pepper)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files (x86)\Hostless Modem\Turkcell VINN\CheckNDISPort_df.exe
(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-12] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-18] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-24] (Toshiba)
HKLM-x32\...\Run: [CheckNDISPort_df] => C:\Program Files (x86)\Hostless Modem\Turkcell VINN\CheckNDISPort_df.exe [442696 2012-10-10] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-03] (Avira GmbH)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Run: [L08AXLRD_525462750] => "C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Run: [E09AXLRD_1637863734] => C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE [351000 2008-06-03] (Microsoft Corporation)
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Run: [GoogleChromeAutoLaunch_6E0161316244ED1E70CAE3151954AB7B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony)
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Run: [Chromium] => "c:\users\mel Pepper\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\MountPoints2: {74298556-0a4a-11e4-826e-78843c35810b} - "E:\Startme.exe" 
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\Run: [] => 0
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-11] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-07-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2014-02-03]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\WebshotsTray.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 124.106.6.2 124.106.5.37
Tcpip\..\Interfaces\{15808267-B708-4216-9C7A-8162A59E643F}: [DhcpNameServer] 40.40.1.201 40.40.1.203
Tcpip\..\Interfaces\{D769E32C-1297-48B3-958A-3C025FBCB233}: [DhcpNameServer] 124.106.6.2 124.106.5.37
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0Dzy0Dzy0CtDtA0CyB0BtN0D0Tzu0StCyDtByEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0D0CtD0Bzz0BzytGyByCyCyDtGyDtDzz0CtGtByDyD0EtG0E0CtD0DyB0DtDtC0DyEyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0A0AyB0EtD0A0FtGtCyBtCtAtGyEyCyByBtG0ByB0C0EtGtAtDtA0EyBzz0DzzyBzy0E0A2QtN0A0LzuyE%26cr%3D1029591595%26a%3Dwbf_pwrisofs_16_09%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3448265569-3600445-3889215138-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3448265569-3600445-3889215138-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0Dzy0Dzy0CtDtA0CyB0BtN0D0Tzu0StCyDtByEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0D0CtD0Bzz0BzytGyByCyCyDtGyDtDzz0CtGtByDyD0EtG0E0CtD0DyB0DtDtC0DyEyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0A0AyB0EtD0A0FtGtCyBtCtAtGyEyCyByBtG0ByB0C0EtGtAtDtA0EyBzz0DzzyBzy0E0A2QtN0A0LzuyE%26cr%3D1029591595%26a%3Dwbf_pwrisofs_16_09%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-11] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-11] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Mel Pepper\AppData\Roaming\Mozilla\Firefox\Profiles\jovu7zd8.default
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-09] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Mel Pepper\AppData\Roaming\Mozilla\Firefox\Profiles\jovu7zd8.default\searchplugins\google-avast.xml [2015-01-18]
FF SearchPlugin: C:\Users\Mel Pepper\AppData\Roaming\Mozilla\Firefox\Profiles\jovu7zd8.default\searchplugins\yahoo-ysp.xml [2015-10-23]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR StartupUrls: Default -> "","hxxp://google/","hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_16_09&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0Dzy0Dzy0CtDtA0CyB0BtN0D0Tzu0StCyDtByEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyC0D0CtD0Bzz0BzytGyByCyCyDtGyDtDzz0CtGtByDyD0EtG0E0CtD0DyB0DtDtC0DyEyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0A0AyB0EtD0A0FtGtCyBtCtAtGyEyCyByBtG0ByB0C0EtGtAtDtA0EyBzz0DzzyBzy0E0A2QtN0A0LzuyE%26cr%3D1029591595%26a%3Dwbf_pwrisofs_16_09%26os_ver%3D6.3%26os%3DWindows%2B8.1","hxxp://www.palikan.com/?f=7&a=plk_camstd_16_10&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0Dzy0Dzy0CtDtA0CyB0BtN0D0Tzu0StCyDtByBtN1L2XzutAtFtCzztFtCtFyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyCtD0B0CyC0CzytGtB0AtC0CtG0D0B0DyBtGyByDzztAtG0EtB0F0DyDzzzytB0Azz0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0A0AyB0EtD0A0FtGtCyBtCtAtGyEyCyByBtG0ByB0C0EtGtAtDtA0EyBzz0DzzyBzy0E0A2QtN0A0LzuyE&cr=1389529950&ir="
CHR Profile: C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-16]
CHR Extension: (Avast Online Security) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Mel Pepper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [ljibkigjccbegnbeojkoafejpoiachej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-31] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [108289 2009-05-14] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [185089 2009-07-22] (Avira GmbH) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570120 2016-02-11] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-11] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-17] (TODO: <Company name>) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [29184 2015-05-12] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-11] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74880 2009-11-26] (Avira GmbH)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-17] (GenesysLogic)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-02-11] (AVAST Software)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-20] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2016-02-11] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-24] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-03-24] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 03:02 - 2016-03-08 03:04 - 00034548 _____ C:\Users\Mel Pepper\Downloads\Addition.txt
2016-03-08 02:59 - 2016-03-08 03:10 - 00024421 _____ C:\Users\Mel Pepper\Downloads\FRST.txt
2016-03-08 02:58 - 2016-03-08 03:10 - 00000000 ____D C:\FRST
2016-03-08 02:57 - 2016-03-08 02:57 - 02374144 _____ (Farbar) C:\Users\Mel Pepper\Downloads\FRST64.exe
2016-03-08 02:40 - 2016-03-08 02:48 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 02:36 - 2016-03-08 02:36 - 01524224 _____ C:\Users\Mel Pepper\Downloads\adwcleaner_5.101.exe
2016-03-08 02:16 - 2016-03-08 02:18 - 00000000 ____D C:\Program Files\CamStudio 2.7
2016-03-08 02:16 - 2016-03-08 02:16 - 00000096 _____ C:\Users\Mel Pepper\AppData\Roaming\version2.xml
2016-03-08 02:10 - 2016-03-08 02:16 - 209306775 _____ (Autodesk, Inc.) C:\Users\Mel Pepper\Downloads\Unconfirmed 650543.crdownload
2016-03-08 01:22 - 2016-03-08 01:55 - 329182995 _____ (Autodesk, Inc.) C:\Users\Mel Pepper\Downloads\Unconfirmed 747436.crdownload
2016-03-08 01:19 - 2016-03-08 01:55 - 378034595 _____ (Autodesk, Inc.) C:\Users\Mel Pepper\Downloads\Unconfirmed 396662.crdownload
2016-03-08 01:19 - 2016-03-08 01:53 - 259967288 _____ C:\Users\Mel Pepper\Downloads\camtasia.exe
2016-03-08 01:17 - 2016-03-08 01:17 - 00214977 _____ C:\Users\Mel Pepper\Downloads\Pepper_AVELINO_KEPLER_GRP2_4THQUARTER1.dwg
2016-03-07 22:20 - 2016-03-07 22:21 - 03640354 _____ C:\Users\Mel Pepper\Downloads\INFECTIOUS-DISEASES (1).pdf
2016-03-06 19:37 - 2016-03-06 19:51 - 259967288 _____ C:\Users\Mel Pepper\Downloads\Unconfirmed 100203.crdownload
2016-03-06 19:28 - 2016-03-06 19:28 - 00338280 _____ (Autodesk Inc.) C:\Users\Mel Pepper\Downloads\AutoCAD_2016_English_Win_64bit_r1_wi_en-us_Setup_webinstall (1).exe
2016-03-06 19:25 - 2016-03-08 01:21 - 00006787 _____ C:\Users\Mel Pepper\Downloads\AutoCAD_2016_English_Win_64bit_r1_wi_en-us_Setup.exe
2016-03-06 19:24 - 2016-03-06 19:24 - 00338280 _____ (Autodesk Inc.) C:\Users\Mel Pepper\Downloads\AutoCAD_2016_English_Win_64bit_r1_wi_en-us_Setup_webinstall.exe
2016-03-06 18:49 - 2016-03-06 18:49 - 00001915 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-03-06 18:15 - 2016-03-06 18:16 - 09943824 _____ C:\Users\Mel Pepper\Downloads\TCH0174900J.exe
2016-03-05 10:53 - 2016-03-07 21:53 - 00000097 _____ C:\Users\Mel Pepper\AppData\Roaming\WB.CFG
2016-03-05 10:43 - 2016-03-05 10:43 - 00473600 _____ C:\Users\Mel Pepper\Downloads\6. Special Law on Counterfeit Drugs-2.ppt
2016-03-05 10:39 - 2016-03-05 10:39 - 00637473 _____ C:\Users\Mel Pepper\Downloads\PharmSem_-Inorganic-v2.0-for-printing (1).pdf
2016-03-05 10:38 - 2016-03-05 10:39 - 03640354 _____ C:\Users\Mel Pepper\Downloads\INFECTIOUS-DISEASES.pdf
2016-03-05 10:38 - 2016-03-05 10:38 - 00637473 _____ C:\Users\Mel Pepper\Downloads\PharmSem_-Inorganic-v2.0-for-printing.pdf
2016-03-04 22:48 - 2016-03-08 02:16 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-04 22:48 - 2016-03-05 10:53 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\{88AFBEF3-AC07-D24B-C19F-F7A3E5F70B3B}
2016-03-04 22:48 - 2016-03-04 22:48 - 00000000 ____D C:\Users\Mel Pepper\AppData\Roaming\PowerISO
2016-03-04 22:47 - 2016-03-08 01:57 - 00000000 ____D C:\Program Files (x86)\PowerISO
2016-03-04 22:47 - 2016-03-04 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-03-04 22:47 - 2016-02-10 21:21 - 00137280 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-03-04 22:45 - 2016-03-04 22:46 - 03723197 _____ C:\Users\Mel Pepper\Downloads\PowerISO6.zip
2016-03-04 22:38 - 2016-03-04 22:41 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2016-03-04 22:38 - 2016-03-04 22:38 - 00000000 ____D C:\Users\Mel Pepper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-03-04 22:34 - 2016-03-04 22:35 - 02721168 _____ (Microsoft Corporation) C:\Users\Mel Pepper\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2016-03-04 22:23 - 2016-03-04 22:34 - 231184384 _____ C:\Users\Mel Pepper\Downloads\KB2840165-Win7-RTM-SP1-X86.iso
2016-03-03 07:44 - 2016-03-03 07:44 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-03 07:44 - 2015-05-12 13:20 - 00037376 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2016-03-03 07:44 - 2015-05-12 13:18 - 00030720 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2016-03-03 07:44 - 2015-05-12 11:36 - 00029184 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetbus64.sys
2016-03-03 07:42 - 2016-03-03 07:42 - 12987144 _____ (LG Electronics) C:\Users\Mel Pepper\Downloads\LGMobileDriver_WHQL_Ver_4.0.4.exe
2016-02-21 17:37 - 2016-02-21 17:37 - 00164489 _____ C:\Users\Mel Pepper\Downloads\pdf_download-3.0.0.2-fx.xpi
2016-02-21 17:16 - 2016-02-21 17:16 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\CEF
2016-02-16 21:36 - 2016-02-21 17:32 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 21:36 - 2016-02-16 21:36 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-11 23:59 - 2016-02-11 23:59 - 00003048 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455206358
2016-02-11 23:59 - 2016-02-11 23:59 - 00001064 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-11 23:59 - 2016-02-11 23:59 - 00001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-11 23:48 - 2016-02-11 23:47 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-11 23:48 - 2016-02-11 23:47 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-11 23:47 - 2016-02-11 23:47 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-08 22:11 - 2016-02-08 22:11 - 00969216 _____ C:\Users\Mel Pepper\Downloads\Who Wants To Be A Millionaire.ppt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 02:56 - 2014-01-21 20:29 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3448265569-3600445-3889215138-1001
2016-03-08 02:52 - 2013-11-30 12:50 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-08 02:51 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 02:37 - 2014-01-25 08:42 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C452D80-F4D9-48AC-A18C-E365D0E3D02D}
2016-03-08 02:24 - 2014-04-28 11:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-08 02:16 - 2013-11-30 12:50 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-08 01:57 - 2013-08-22 21:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-03-07 23:30 - 2014-06-23 13:04 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\CrashDumps
2016-03-07 21:43 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-03-06 23:26 - 2013-11-30 12:26 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-03-06 23:25 - 2014-08-04 04:34 - 00000000 ____D C:\Users\Mel Pepper\Desktop\AG
2016-03-06 19:05 - 2014-01-21 20:24 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\TOSHIBA
2016-03-06 19:00 - 2013-09-12 14:04 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-06 18:49 - 2013-09-12 14:15 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-03-04 22:48 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-04 22:48 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-03 07:44 - 2013-09-12 14:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-03 07:40 - 2014-06-08 14:22 - 00000000 ____D C:\Users\Mel Pepper\Documents\HEDLEY Pepper
2016-03-02 00:00 - 2014-10-05 21:08 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-23 23:48 - 2014-10-05 21:07 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-23 21:03 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-02-21 17:33 - 2014-12-26 17:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-21 17:16 - 2014-07-30 14:15 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\Adobe
2016-02-21 12:25 - 2014-11-23 14:52 - 00000000 ____D C:\Program Files (x86)\Naver
2016-02-21 12:22 - 2014-04-28 11:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-21 12:22 - 2014-04-28 11:12 - 00000000 ____D C:\ProgramData\Skype
2016-02-21 12:20 - 2014-01-21 20:23 - 00000000 ____D C:\Users\Mel Pepper\AppData\Local\Packages
2016-02-21 00:22 - 2014-04-29 14:14 - 00002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-16 21:36 - 2013-09-12 14:06 - 00000000 ____D C:\ProgramData\Adobe
2016-02-16 21:36 - 2013-09-12 14:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-16 21:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-14 20:08 - 2014-11-06 20:44 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-02-14 20:08 - 2014-11-06 20:44 - 00000000 ____D C:\Windows\system32\vbox
2016-02-11 23:48 - 2014-10-05 21:07 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-11 23:47 - 2015-07-26 13:30 - 00154024 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-02-11 23:47 - 2014-10-05 21:07 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-11 23:47 - 2014-10-05 21:07 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-11 23:47 - 2014-10-05 21:07 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-11 23:47 - 2014-10-05 21:07 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-11 23:47 - 2014-10-05 21:07 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-11 23:47 - 2014-10-05 21:07 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-11 23:47 - 2014-10-05 20:54 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-11 23:47 - 2014-10-05 20:52 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-11 00:24 - 2014-04-28 11:19 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-07 21:30 - 2013-11-30 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2016-03-08 02:16 - 2016-03-08 02:16 - 0000096 _____ () C:\Users\Mel Pepper\AppData\Roaming\version2.xml
2016-03-05 10:53 - 2016-03-07 21:53 - 0000097 _____ () C:\Users\Mel Pepper\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
C:\Users\Mel Pepper\AppData\Local\Temp\2mwmjvuu.dll
C:\Users\Mel Pepper\AppData\Local\Temp\cct.dll
C:\Users\Mel Pepper\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Mel Pepper\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mel Pepper\AppData\Local\Temp\fx-runtime-2.0.exe
C:\Users\Mel Pepper\AppData\Local\Temp\ICReinstall_winzip18.exe
C:\Users\Mel Pepper\AppData\Local\Temp\JavaIC.dll
C:\Users\Mel Pepper\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Mel Pepper\AppData\Local\Temp\msscct32.dll
C:\Users\Mel Pepper\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mel Pepper\AppData\Local\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe
C:\Users\Mel Pepper\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Mel Pepper\AppData\Local\Temp\sqlite3.dll
C:\Users\Mel Pepper\AppData\Local\Temp\sr_SettingsManagerSetup.exe
C:\Users\Mel Pepper\AppData\Local\Temp\unwise.exe
C:\Users\Mel Pepper\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Mel Pepper\AppData\Local\Temp\vpqfwkdf.dll
C:\Users\Mel Pepper\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Mel Pepper\AppData\Local\Temp\ytb.exe
C:\Users\Mel Pepper\AppData\Local\Temp\{012BE93C-5720-44B6-8A40-90F9206EDFB8}-GoogleUpdateSetup.exe
C:\Users\Mel Pepper\AppData\Local\Temp\{C1A72E27-9093-4985-A125-BD4F6C8FD352}-48.0.2564.103_48.0.2564.97_chrome_updater_3stage.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-06 17:37
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Mel Pepper (2016-03-08 03:12:20)
Running from C:\Users\Mel Pepper\Downloads
Windows 8.1 (X64) (2014-01-21 12:23:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3448265569-3600445-3889215138-500 - Administrator - Disabled)
Guest (S-1-5-21-3448265569-3600445-3889215138-501 - Limited - Disabled)
Mel Pepper (S-1-5-21-3448265569-3600445-3889215138-1001 - Administrator - Enabled) => C:\Users\Mel Pepper

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avira AntiVir Personal - Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: - Avira GmbH)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP4900 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
Facebook Chat @Desktop version 1.1 (HKLM-x32\...\{43E1DFE8-B348-43F2-9AF0-C3F9EF74DF80}_is1) (Version: 1.1 - Olcinium)
Facebook Chat IM 1.1 (HKLM-x32\...\Facebook Chat IM) (Version: 1.1 - FBCIM)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.0.4 - LG Electronics)
Microsoft Encarta Premium 2009 (HKLM-x32\...\{09040081-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.5 - Power Software Ltd)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Smartphone Recovery PRO for Android version 4.0.0.0 (HKLM-x32\...\{BE63ED8A-18B7-4E91-B65F-48FA9D630DE9}_is1) (Version: 4.0.0.0 - Enigma Recovery)
Sony PC Companion 2.10.275 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Turkcell VINN Hostless Modem (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
Viber (HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07C9CD9C-3C58-4317-9DEC-B4808F62D408} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0CECBE06-6DC1-4158-8DBD-98F998F672D9} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {1A1E9064-4557-4BFE-A150-B76A0C649D10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11] (Adobe Systems Incorporated)
Task: {1B78A817-DE1F-45FE-BE51-083BA1054184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2A4FEF33-D804-4DAB-96B9-E608D3F61933} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {44B31B02-B610-403B-97BF-A99B600EDA80} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-23] (Synaptics Incorporated)
Task: {4FBF78F2-33A2-481F-9876-7DB5D300414D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {56DBE8F9-AE85-447A-B9EC-BFFFB03E9183} - System32\Tasks\SafeZone scheduled Autoupdate 1455206358 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {69E4C541-300D-473B-A16F-D93BD5891554} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-06] (AVAST Software)
Task: {8275E00E-70A8-48C3-A237-20D838028E0C} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {A201C89D-B69B-43D5-80B0-C0F10E62A346} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-29] ()
Task: {A98EAD3D-183A-4110-8F4D-A41BE2B5FE1F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-11] (AVAST Software)
Task: {C6C2692B-AD81-4147-B4C9-0F29C91BFC45} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {F008045A-41B6-49B0-B285-A93A6779944C} - System32\Tasks\avastBCLRestartS-1-5-21-3448265569-3600445-3889215138-1001 => Chrome.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-31 11:47 - 2013-08-31 11:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-11 04:54 - 2013-09-11 04:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-11-30 12:40 - 2013-08-29 08:08 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2012-07-19 10:38 - 2012-07-19 10:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-02-18 14:41 - 2012-10-10 23:58 - 00442696 _____ () C:\Program Files (x86)\Hostless Modem\Turkcell VINN\CheckNDISPort_df.exe
2013-08-31 11:47 - 2013-08-31 11:47 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2016-02-11 23:47 - 2016-02-11 23:47 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-11 23:47 - 2016-02-11 23:47 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-08 01:25 - 2016-03-08 01:25 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030700\algo.dll
2016-02-11 23:47 - 2016-02-11 23:47 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-02-23 22:21 - 2009-01-29 07:03 - 00326401 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-07-04 04:20 - 2014-07-04 04:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-04 04:19 - 2014-07-04 04:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-21 00:22 - 2016-02-18 12:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-21 00:22 - 2016-02-18 12:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-11 23:47 - 2016-02-11 23:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-21 00:22 - 2016-02-18 12:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2016-03-08 01:58 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3448265569-3600445-3889215138-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mel Pepper\Desktop\1TH5V16-0001-WPROOF-300x300.jpg
DNS Servers: 124.106.6.2 - 124.106.5.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\StartupApproved\Run: => "E09AXLRD_1637863734"
HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{2515CA76-3321-48B3-8AE9-9778FA878505}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C967123B-DFBA-4A47-82A6-6BE80EB228F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CAB2F4E7-3701-4AAD-8CEB-18DAE7D8FF76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{353361B4-170F-4F6F-8BBC-8BD0689E94E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4BB94C1-ED9D-4626-860A-BE42DEEEE999}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{30A86351-24F2-434F-9291-BF22CF8BE935}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{F395F6DF-8FDE-4A7B-987B-C38F92AE2C95}C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B6F862F7-9BB2-4288-8875-21A4B7F49355}C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{165B0017-4CD2-4312-8308-9A4A5F73C65D}C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FD484B61-05E7-46DF-AB1D-42AD4927CF34}C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mel Pepper\appdata\roaming\spotify\spotify.exe
FirewallRules: [{96958AEC-20A7-4452-B532-DAD3A9495AEB}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{FB847906-B507-429E-A834-4412AE15DFE1}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{239C6C96-BB68-4CD7-947D-ABEC781059CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE2CFDB8-E54B-4FD5-AF72-B590CD974014}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A90F25E-94D7-4A08-8FA4-F189FBC9ABB1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{16C7DF03-C657-4D73-8111-873548376B0B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F5E125BA-72DB-44FB-AFEF-737EBE014E0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-02-2016 12:20:41 Scheduled Checkpoint
21-02-2016 12:21:14 Removed Skype™ 7.8
01-03-2016 17:59:54 Scheduled Checkpoint
03-03-2016 07:43:30 Installed LG Mobile Driver
04-03-2016 22:36:50 Installed Windows 7 USB/DVD Download Tool
04-03-2016 22:38:04 Installed Windows 7 USB/DVD Download Tool
06-03-2016 19:04:17 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
06-03-2016 19:05:24 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2016 02:50:21 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Alerts. Error: Operation failed.

Error: (03/08/2016 02:50:21 AM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

Error: (03/08/2016 02:00:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/07/2016 11:30:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc000041d
Fault offset: 0x0000000000005384
Faulting process id: 0x5c8
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5

Error: (03/07/2016 11:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc0000005
Fault offset: 0x0000000000005384
Faulting process id: 0x5c8
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5

Error: (03/06/2016 11:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc000041d
Fault offset: 0x0000000000005384
Faulting process id: 0x974
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5

Error: (03/06/2016 11:25:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc0000005
Fault offset: 0x0000000000005384
Faulting process id: 0x974
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5

Error: (03/05/2016 10:49:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc000041d
Fault offset: 0x0000000000005384
Faulting process id: 0x11fc
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5

Error: (03/05/2016 10:49:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc0000005
Fault offset: 0x0000000000005384
Faulting process id: 0x11fc
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5

Error: (03/05/2016 10:48:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_cnbsm4.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: cnbei4.dll_unloaded, version: 0.3.1536.1, time stamp: 0x49b959a0
Exception code: 0xc000041d
Fault offset: 0x0000000000005384
Faulting process id: 0x5e0
Faulting application start time: 0xrundll32.exe_cnbsm4.dll0
Faulting application path: rundll32.exe_cnbsm4.dll1
Faulting module path: rundll32.exe_cnbsm4.dll2
Report Id: rundll32.exe_cnbsm4.dll3
Faulting package full name: rundll32.exe_cnbsm4.dll4
Faulting package-relative application ID: rundll32.exe_cnbsm4.dll5


System errors:
=============
Error: (03/08/2016 03:07:12 AM) (Source: DCOM) (EventID: 10010) (User: MelPepper)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/08/2016 02:49:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (03/08/2016 02:48:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 02:48:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GamesAppIntegrationService service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 02:48:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/08/2016 02:48:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 02:48:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 02:48:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ByteFence Security Real-time Protection service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 02:48:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DTS APO Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 02:48:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2015-02-12 20:23:33.692
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-10 21:00:14.077
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-08 18:07:25.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-04 18:36:01.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-04 18:36:01.643
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-01 23:17:36.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-01 23:17:36.148
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-01 15:55:19.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-02-01 15:55:19.655
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements.

Date: 2015-01-29 05:27:21.605
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 7629.51 MB
Available physical RAM: 5535.27 MB
Total Virtual: 8845.51 MB
Available Virtual: 6344.43 MB

==================== Drives ================================

Drive c: (TI10675800F) (Fixed) (Total:689.32 GB) (Free:617.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 07 March 2016 - 08:37 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:49 PM

Posted 07 March 2016 - 08:47 PM

Greetings IronicCatalyst and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Does this look familiar?

Philippine Long Distance Telephone Company

Your computer is still compromised. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\Run: [] => 0
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
FF HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3448265569-3600445-3889215138-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKU\S-1-5-21-3448265569-3600445-3889215138-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
2016-03-08 02:10 - 2016-03-08 02:16 - 209306775 _____ (Autodesk, Inc.) C:\Users\Mel Pepper\Downloads\Unconfirmed 650543.crdownload
2016-03-08 01:22 - 2016-03-08 01:55 - 329182995 _____ (Autodesk, Inc.) C:\Users\Mel Pepper\Downloads\Unconfirmed 747436.crdownload
2016-03-08 01:19 - 2016-03-08 01:55 - 378034595 _____ (Autodesk, Inc.) C:\Users\Mel Pepper\Downloads\Unconfirmed 396662.crdownload
2016-03-06 19:37 - 2016-03-06 19:51 - 259967288 _____ C:\Users\Mel Pepper\Downloads\Unconfirmed 100203.crdownload
C:\Users\Mel Pepper\AppData\Local\Temp\2mwmjvuu.dll
C:\Users\Mel Pepper\AppData\Local\Temp\cct.dll
C:\Users\Mel Pepper\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Mel Pepper\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mel Pepper\AppData\Local\Temp\fx-runtime-2.0.exe
C:\Users\Mel Pepper\AppData\Local\Temp\ICReinstall_winzip18.exe
C:\Users\Mel Pepper\AppData\Local\Temp\JavaIC.dll
C:\Users\Mel Pepper\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Mel Pepper\AppData\Local\Temp\msscct32.dll
C:\Users\Mel Pepper\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mel Pepper\AppData\Local\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe
C:\Users\Mel Pepper\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Mel Pepper\AppData\Local\Temp\sqlite3.dll
C:\Users\Mel Pepper\AppData\Local\Temp\sr_SettingsManagerSetup.exe
C:\Users\Mel Pepper\AppData\Local\Temp\unwise.exe
C:\Users\Mel Pepper\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Mel Pepper\AppData\Local\Temp\vpqfwkdf.dll
C:\Users\Mel Pepper\AppData\Local\Temp\YSearchUtil.dll
C:\Users\Mel Pepper\AppData\Local\Temp\ytb.exe
C:\Users\Mel Pepper\AppData\Local\Temp\{012BE93C-5720-44B6-8A40-90F9206EDFB8}-GoogleUpdateSetup.exe
C:\Users\Mel Pepper\AppData\Local\Temp\{C1A72E27-9093-4985-A125-BD4F6C8FD352}-48.0.2564.103_48.0.2564.97_chrome_updater_3stage.exe
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:
      Auto Clean
  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. You can also locate it in your C:\ directory. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Zoek report
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
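The IFEO\<name>: [Debugger] tasklist.exe lines in the fixlist above refer to Image File Execution Options "Debugger" values: when such a value exists, Windows starts the named "debugger" in place of the image, so a value of tasklist.exe simply stops that program from running. The read-only PowerShell audit below is an added example, not part of Gary's instructions and not FRST's own code; it lists every IFEO Debugger value on the machine so a responder can review which images are redirected and by what (the function name and output fields are assumptions of this example).

```powershell
# Added example (not from the thread): read-only audit of IFEO Debugger values.
# Nothing is modified; the output is meant to be compared against the
# FRST "IFEO\<image>: [Debugger] <target>" lines before deciding what to remove.

function Get-IfeoDebugger {
    # Both the native and the 32-bit (WOW64) views of the key are checked.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }

        Get-ChildItem -Path $root | ForEach-Object {
            # Each subkey is named after an image (e.g. bitguard.exe).
            $debugger = (Get-ItemProperty -Path $_.PSPath -Name Debugger `
                            -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($debugger)) { return }

            # Flag the pattern seen in the fixlist: the "debugger" is tasklist.exe,
            # which never launches the image, so the image is effectively blocked.
            $leaf = [System.IO.Path]::GetFileName(($debugger -split '\s+')[0].Trim('"'))

            [pscustomobject]@{
                Image          = $_.PSChildName
                Debugger       = $debugger
                BlocksImage    = ($leaf -ieq 'tasklist.exe')
                RegistryView   = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            }
        }
    }
}

# Usage: print every redirected image, blocked ones first.
Get-IfeoDebugger | Sort-Object -Property BlocksImage -Descending | Format-Table -AutoSize
```

Entries for programs that are not deliberately installed debuggers deserve review; the listing by itself does not say who created them, so cross-check against the FRST log and the fix you were given rather than deleting on sight.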

#3 IronicCatalyst

IronicCatalyst
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:49 AM

Posted 08 March 2016 - 07:08 AM

Thanks Oh my!. But, I do recognize the Philippine Long Distance Telephone Company to be my ISP. Should I still be worried? Thanks!


Edited by IronicCatalyst, 08 March 2016 - 08:08 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:49 PM

Posted 08 March 2016 - 09:59 AM

No need to worry, just wanted to make sure.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 IronicCatalyst

IronicCatalyst
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:49 AM

Posted 09 March 2016 - 05:44 AM

So, I guess I'm good or should I still follow through? Thanks Oh My! New to these forums but it seems amazing. Thanks again!

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:49 PM

Posted 09 March 2016 - 10:21 AM

Thank you for your kindness.

We still need to perform the steps I posted. The question about Philippine Long Distance Telephone Company was simply to clarify one small part of the information in your report. There is other stuff we need to deal with that has nothing to do with your telephone company.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:49 PM

Posted 12 March 2016 - 09:04 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:49 PM

Posted 14 March 2016 - 09:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
