
100% CPU All the time


This topic is locked. 19 replies to this topic.

#1 sh4rkbyt3

Posted 24 July 2016 - 06:08 AM

I have a computer that is running the CPU at 100% all of the time. I located and removed the Be Frugal toolbar and have scanned the system with everything I normally use but cannot find out what is causing the CPU to run at 100% all of the time.
Attached is the dds logfile.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18315  BrowserJavaVersion: 11.91.2
Run by Mark at 3:33:27 on 2016-07-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.5306 [GMT -7:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Emsisoft Anti-Malware *Enabled/Updated* {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\GWX\GWX.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe /r /p
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~4.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~3.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{793EE60A-4021-448D-B8E7-9BD28E1B353C} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
x64-Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon
x64-Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
x64-Run: [ZAM] "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2016-7-23 74544]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2016-7-23 290088]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-7-23 37144]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2016-7-23 1070904]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2016-7-23 473592]
R1 epp;epp;C:\Program Files\Emsisoft Anti-Malware\epp.sys [2016-7-22 116944]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2016-7-23 37656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2016-7-23 108304]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2016-7-23 162904]
S1 epp64;epp64;C:\EEK\bin\epp64.sys [2016-7-21 138504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-07-24 05:25:02 203680 ----a-w- C:\Windows\System32\drivers\zam64.sys
2016-07-24 05:24:54 203680 ----a-w- C:\Windows\System32\drivers\zamguard64.sys
2016-07-24 05:24:36 -------- d-----w- C:\Program Files (x86)\Zemana AntiMalware
2016-07-24 05:23:31 -------- d-----w- C:\Users\Mark\AppData\Local\Zemana
2016-07-24 05:14:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B28A8B8-67AE-4E24-A3DD-5DCC45223578}\offreg.3464.dll
2016-07-23 22:11:07 -------- d-----w- C:\Program Files\Common Files\AV
2016-07-23 22:11:07 -------- d-----w- C:\Program Files (x86)\Common Files\AV
2016-07-23 22:10:16 74544 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2016-07-23 22:10:16 37656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2016-07-23 22:10:16 290088 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2016-07-23 22:10:16 162904 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2016-07-23 22:10:16 108304 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2016-07-23 22:10:16 1070904 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2016-07-23 22:10:16 103064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2016-07-23 22:10:15 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2016-07-23 22:08:33 53208 ----a-w- C:\Windows\avastSS.scr
2016-07-23 22:07:46 -------- d-----w- C:\Program Files\AVAST Software
2016-07-23 21:50:12 -------- d-----w- C:\FRST
2016-07-23 04:44:42 -------- d-----w- C:\Users\Mark\AppData\Local\lptmp2105022995
2016-07-23 04:44:42 -------- d-----w- C:\Users\Mark\AppData\Local\lptmp1476714634
2016-07-23 04:25:57 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2016-07-23 04:09:38 -------- d-----w- C:\Users\Mark\AppData\Local\{32EFEA44-6853-49CD-B257-A3542F5BA316}
2016-07-23 02:46:16 -------- d-----w- C:\ProgramData\Emsisoft
2016-07-23 02:16:54 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
2016-07-22 04:07:53 -------- d-----w- C:\EEK
2016-07-22 02:29:55 -------- d-----w- C:\Users\Mark\AppData\Local\ESET
2016-07-21 04:17:29 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2016-07-21 04:17:27 -------- d-----w- C:\ProgramData\RogueKiller
2016-07-21 03:56:35 -------- d-----w- C:\Windows\ERUNT
2016-07-21 03:40:40 -------- d-----w- C:\Program Files\Defraggler
2016-07-21 03:34:10 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-07-21 03:33:39 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-07-21 03:33:39 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-07-21 03:33:39 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-07-21 03:33:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-13 22:49:31 -------- d-----w- C:\Users\Mark\AppData\Local\Opera Software
2016-07-13 22:49:26 -------- d-----w- C:\Users\Mark\AppData\Roaming\Opera Software
2016-07-13 22:45:00 11895896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6B28A8B8-67AE-4E24-A3DD-5DCC45223578}\mpengine.dll
.
==================== Find3M  ====================
.
2016-05-23 13:57:03 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-05-23 13:57:03 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-18 14:52:28 12964920 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH:  6:45:09.89 ===============

#2 HelpBot (Bleepin' Binary Bot)

Posted 29 July 2016 - 06:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/620950 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sh4rkbyt3 (Topic Starter)

Posted 31 July 2016 - 04:26 AM

Received the computer with the processor running at 100%. I used Malwarebytes, ADW Cleaner, Zemana Anti-Malware, Rogue Killer, TDSS, removed conflicting AV programs including Norton, McAfee, WebRoot and installed Avast as the active AV program. Also used ESET online scanner and found a 32 bit infection and removed it in Safe Mode. Still seeing the CPU running at 100% with no apparent infections running that are detected? I have removed some programs that could have been infected including Graboid, and a few other 3rd party programs.
Will now run FRST and post logfile results here in my next posting.



#4 sh4rkbyt3 (Topic Starter)

Posted 31 July 2016 - 05:16 AM

Here is the FRST logfile and the attach file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Mark (administrator) on MARK-HP (31-07-2016 05:33:59)
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9511912 2016-06-28] (Emsisoft Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-25] (Affinegy, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-23] (AVAST Software)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\MountPoints2: {6e9c7e31-ad96-11e0-9ffc-6431501c1e57} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\MountPoints2: {d47a8bef-a10b-11e0-a530-6431501c1e57} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\MountPoints2: {d47a8c20-a10b-11e0-a530-6431501c1e57} - F:\TLBootstrap_WPP.exe
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-23] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2013-12-11]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2013-12-11]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{793EE60A-4021-448D-B8E7-9BD28E1B353C}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2077446205-255877225-661204788-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2077446205-255877225-661204788-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.duckduckgo.com/
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2077446205-255877225-661204788-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-23] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-23] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKU\S-1-5-21-2077446205-255877225-661204788-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {CAFECAFE-0013-0001-0009-ABCDEFABCDEF}
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ifbvfzwi.default-1453159927459
FF Homepage: hxxp://www.msn.com/
about:preferences
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-2077446205-255877225-661204788-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-24] (Citrix Online)
FF Extension: No Name - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [not found]
FF Extension: Webroot Password Manager - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\ifbvfzwi.default-1453159927459\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-07-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-03]
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-03]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-03]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-03]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-03]
CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-03]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-08-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-03]
CHR Extension: (Webroot Password Manager) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-08-03]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11446000 2016-06-28] (Emsisoft Ltd)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-25] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-23] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-23] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
S1 epp64; C:\EEK\bin\epp64.sys [138504 2016-07-23] (Emsisoft GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-29] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
U0 SR; no ImagePath
U2 srservice; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-31 05:33 - 2016-07-31 05:35 - 00026102 _____ C:\Users\Mark\Desktop\FRST.txt
2016-07-31 05:33 - 2016-07-31 05:33 - 00000000 ____D C:\FRST
2016-07-31 05:33 - 2016-07-31 05:32 - 02394112 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2016-07-29 14:22 - 2016-07-29 14:22 - 00000000 ____D C:\Users\Mark\Desktop\ComIntRepair
2016-07-29 13:34 - 2016-07-29 13:34 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-07-29 13:34 - 2016-07-29 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-29 13:34 - 2016-07-29 13:34 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-29 13:31 - 2016-07-29 13:31 - 00000000 ____D C:\AdwCleaner
2016-07-28 19:13 - 2016-07-28 19:13 - 00739904 _____ (Oracle Corporation) C:\Users\Mark\Downloads\chromeinstall-8u101.exe
2016-07-28 18:31 - 2016-07-28 18:31 - 00000000 ____D C:\MATS
2016-07-28 18:29 - 2016-07-28 18:29 - 00221662 _____ C:\Users\Mark\Desktop\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2016-07-28 17:48 - 2016-07-28 17:48 - 00000000 ____D C:\Users\Mark\Documents\My Filehippo Downloads
2016-07-25 11:01 - 2016-07-25 11:02 - 00000548 _____ C:\DelFix.txt
2016-07-24 06:46 - 2016-07-24 06:46 - 00006283 _____ C:\Users\Mark\Desktop\attach.txt
2016-07-24 01:25 - 2016-07-29 15:38 - 00038321 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-07-24 01:25 - 2016-07-29 14:35 - 00068351 _____ C:\Windows\ZAM.krnl.trace
2016-07-24 01:23 - 2016-07-24 01:23 - 00000000 ____D C:\Users\Mark\AppData\Local\Zemana
2016-07-23 18:36 - 2016-07-23 18:36 - 00001101 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-23 18:14 - 2016-07-23 18:14 - 00003876 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1469312023
2016-07-23 18:14 - 2016-07-23 18:14 - 00001957 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-23 18:14 - 2016-07-23 18:14 - 00001072 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-23 18:14 - 2016-07-23 18:14 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-23 18:14 - 2016-07-23 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-23 18:11 - 2016-07-23 18:11 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-07-23 18:11 - 2016-07-23 18:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-23 18:10 - 2016-07-31 05:38 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-23 18:10 - 2016-07-23 18:11 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-23 18:10 - 2016-07-23 18:08 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-23 18:09 - 2016-07-23 18:08 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-23 18:08 - 2016-07-23 18:08 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-23 18:07 - 2016-07-23 18:08 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-23 00:44 - 2016-07-23 00:44 - 00000000 ____D C:\Users\Mark\AppData\Local\lptmp2105022995
2016-07-23 00:44 - 2016-07-23 00:44 - 00000000 ____D C:\Users\Mark\AppData\Local\lptmp1476714634
2016-07-23 00:25 - 2016-07-23 00:26 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-07-23 00:25 - 2016-07-23 00:25 - 00001299 _____ C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2016-07-23 00:25 - 2016-07-23 00:25 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-07-23 00:09 - 2016-07-23 00:09 - 00000000 ____D C:\Windows\ERDNT
2016-07-23 00:09 - 2016-07-23 00:09 - 00000000 ____D C:\Users\Mark\AppData\Local\{32EFEA44-6853-49CD-B257-A3542F5BA316}
2016-07-22 22:46 - 2016-07-22 22:46 - 00000000 ____D C:\ProgramData\Emsisoft
2016-07-22 22:18 - 2016-07-24 07:21 - 00001084 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-07-22 22:18 - 2016-07-22 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-07-22 22:16 - 2016-07-31 05:34 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-07-22 00:08 - 2016-07-22 00:08 - 00000745 _____ C:\Users\Mark\Desktop\Start Emsisoft Emergency Kit.lnk
2016-07-22 00:07 - 2016-07-29 13:28 - 00000000 ____D C:\EEK
2016-07-21 22:50 - 2016-07-28 19:27 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Mark\Desktop\esetonlinescanner_enu.exe
2016-07-21 22:29 - 2016-07-29 09:55 - 00000000 ____D C:\Users\Mark\AppData\Local\ESET
2016-07-21 00:17 - 2016-07-29 13:35 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-21 00:17 - 2016-07-21 00:17 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-20 23:56 - 2016-07-20 23:56 - 00000000 ____D C:\Windows\ERUNT
2016-07-20 23:40 - 2016-07-22 22:54 - 00001912 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-07-20 23:40 - 2016-07-20 23:40 - 00000000 ____D C:\Program Files\Defraggler
2016-07-20 23:34 - 2016-07-29 13:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-20 23:33 - 2016-07-23 21:13 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-20 23:33 - 2016-07-20 23:33 - 00001137 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-20 23:33 - 2016-07-20 23:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 23:33 - 2016-03-10 17:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-20 23:33 - 2016-03-10 17:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-20 23:24 - 2016-07-20 23:24 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-14 14:36 - 2016-07-24 01:38 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMark
2016-07-14 14:36 - 2016-07-24 01:38 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMark.job
2016-07-13 18:49 - 2016-07-13 18:49 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Opera Software
2016-07-13 18:49 - 2016-07-13 18:49 - 00000000 ____D C:\Users\Mark\AppData\Local\Opera Software
2016-07-13 18:48 - 2016-07-13 18:48 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1468450119
2016-07-13 18:48 - 2016-07-13 18:48 - 00001137 _____ C:\Users\Public\Desktop\Opera.lnk
2016-07-13 18:48 - 2016-07-13 18:48 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-13 18:46 - 2016-07-21 22:32 - 00000000 ____D C:\Program Files (x86)\Opera

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-31 05:34 - 2009-07-14 01:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-31 05:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-31 05:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-29 14:45 - 2013-08-22 20:31 - 00001152 _____ C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2016-07-29 14:42 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-29 14:42 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-29 14:33 - 2011-06-21 01:27 - 00000000 ____D C:\Users\Mark
2016-07-29 13:52 - 2013-05-03 23:04 - 00001166 _____ C:\Users\Mark\Desktop\Click for Verizon Wi-Fi Setup.lnk
2016-07-29 13:52 - 2013-05-03 23:03 - 00001174 _____ C:\Users\Mark\Desktop\Verizon Message Center.lnk
2016-07-29 13:52 - 2013-05-03 23:03 - 00001174 _____ C:\Users\Mark\Desktop\My Verizon.lnk
2016-07-28 19:14 - 2011-06-24 23:26 - 00000977 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-28 19:03 - 2015-10-19 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-28 19:03 - 2014-09-11 16:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-28 18:31 - 2011-06-20 22:56 - 00000000 ____D C:\Users\Mark\AppData\Local\ElevatedDiagnostics
2016-07-28 18:28 - 2015-06-18 13:09 - 00000000 ____D C:\ProgramData\Oracle
2016-07-23 21:14 - 2011-06-06 15:32 - 00000000 ____D C:\ProgramData\PDFC
2016-07-23 18:37 - 2014-08-25 12:20 - 00000000 ____D C:\Users\Mark\AppData\Local\Adobe
2016-07-23 18:36 - 2012-03-13 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-23 18:08 - 2013-11-14 21:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-23 17:59 - 2011-06-21 01:30 - 00063856 _____ C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-23 15:55 - 2009-07-14 00:45 - 00278936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-23 00:46 - 2011-06-27 18:28 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Verizon
2016-07-23 00:44 - 2015-12-10 11:07 - 00000000 ____D C:\Users\Mark\AppData\Local\lptmp
2016-07-23 00:41 - 2011-06-06 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2016-07-23 00:32 - 2011-06-06 15:16 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-07-23 00:29 - 2011-06-20 22:37 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2016-07-23 00:17 - 2011-06-20 22:32 - 00000000 ____D C:\Users\Mark\AppData\Local\VirtualStore
2016-07-23 00:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2016-07-23 00:09 - 2011-06-06 15:16 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-07-22 23:46 - 2011-06-20 22:43 - 00000000 ____D C:\Windows\pss
2016-07-21 22:45 - 2015-09-29 13:00 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-07-21 22:35 - 2016-04-13 11:55 - 00000000 ____D C:\Program Files\Intel
2016-07-21 22:18 - 2009-07-14 01:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-20 23:25 - 2009-07-24 15:22 - 00000000 ____D C:\Windows\Panther
2016-07-20 23:24 - 2011-06-24 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-17 01:20 - 2015-06-02 09:27 - 00007602 _____ C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
2016-07-14 00:13 - 2014-12-25 12:18 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 18:57 - 2015-04-29 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-13 18:40 - 2015-12-10 11:07 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\LastPass
2016-07-13 18:40 - 2015-04-05 16:55 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-13 18:40 - 2014-12-10 23:21 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-13 18:40 - 2014-05-06 23:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-13 18:40 - 2013-03-12 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-13 18:40 - 2013-03-12 23:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-13 18:40 - 2013-03-12 23:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-13 18:40 - 2011-06-06 15:41 - 00000000 ____D C:\ProgramData\RoxioNow
2016-07-13 18:40 - 2011-06-06 15:27 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-07-13 18:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2016-07-13 18:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-13 18:40 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-13 18:38 - 2011-06-06 15:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 18:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-07-13 18:37 - 2011-11-13 15:37 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2012-11-15 13:57 - 2015-12-18 10:52 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-07-29 19:08 - 2013-07-29 19:08 - 1358424 _____ () C:\Users\Mark\AppData\Roaming\VzInHomeAgent.exe
2013-08-28 22:03 - 2013-08-28 22:08 - 0000172 _____ () C:\Users\Mark\AppData\Local\cookies.ini
2015-06-02 09:27 - 2016-07-17 01:20 - 0007602 _____ () C:\Users\Mark\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-11 10:39

==================== End of FRST.txt ============================


Cannot attach the zipped Attach log. Please let me know if you need it.



#5 polskamachina

  • Malware Response Team
  • 3,993 posts
  • Gender:Male

Posted 31 July 2016 - 11:37 AM

Hi sh4rkbyt3 :)

My name is polskamachina and I would like to welcome you back to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.
Cannot attach the zipped Attach log. Please let me know if you need it.

I will need to see your Addition.txt log. Please copy and paste it into your next reply to me.

Let me know if you have any questions.

polskamachina
 



#6 sh4rkbyt3

  • Topic Starter
  • Members
  • 415 posts
  • Gender:Male

Posted 01 August 2016 - 08:27 PM

Here are the attached file results:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2011 1:27:00 AM
System Uptime: 7/23/2016 6:52:55 PM (12 hours ago)
.
Motherboard: FOXCONN |  | 2AB7
Processor: AMD Athlon™ II 170u Processor | CPU 1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 392.793 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.426 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: DataTraveler 102
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_102&REV_1.00#001CC0EC3036F031B6AE068A&0#
Manufacturer: Kingston
Name: KINGSTON
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_102&REV_1.00#001CC0EC3036F031B6AE068A&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Acrobat Reader DC
Adobe AIR
Adobe Flash Player 21 ActiveX
Adobe Flash Player 21 NPAPI
Adobe Refresh Manager
Agatha Christie - Peril at End House
ATI Catalyst Install Manager
Avast Free Antivirus
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
Citrix Online Launcher
Compaq Setup Manager
CyberLink DVD Suite Deluxe
D3DX10
Defraggler
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Emsisoft Anti-Malware
Escape Rosecliff Island
Farm Frenzy
FATE
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP MovieStore
HP Odometer
HP Setup
HP Support Information
HP Support Solutions Framework
HP Update
HP Vision Hardware Diagnostics
IHA_MessageCenter
Intel® Biometric and Context Agent
Intel® Biometric and Context Agent Redistributables
Java 8 Update 91
Java Auto Updater
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
Learning Lodge™
LightScribe System Software
Malwarebytes Anti-Malware version 2.2.1.1043
Microsoft .NET Framework 4.6.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Opera Stable 38.0.2220.41
Oracle JInitiator 1.3.1.9
PDF Complete Special Edition
Penguins!
PhotoNow!
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.95
RoxioNow Player
SafeZone Stable 1.48.2066.114
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)
Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Virtual Families
Virtual Villagers 4 - The Tree of Life
VLC media player
VTech Download Agent Library
Vz In-Home Agent
Wheel of Fortune 2
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zemana AntiMalware
Zinio Reader 4
Zuma Deluxe
.
==== End Of File ===========================



#7 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • Gender:Male

Posted 01 August 2016 - 09:23 PM

Hi sh4rkbyt3 :)


The log that you need to copy and paste is named Addition.txt and should be located on your desktop. (The file that you just posted was Attach.txt.) If you cannot find Addition.txt on your desktop:

  • Run the FRST64 program again
  • When the main window opens, check the box for Addition.txt
  • Click the Scan button.
  • When the scan has finished, please copy and paste both the FRST.txt and Addition.txt logs into your next reply to me.

Let me know if you have any questions.


polskamachina
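
The Addition.txt that polskamachina asks for here contains a "Scheduled Tasks" section, which is one of the first places a responder reads when a machine keeps a CPU-hungry process alive across reboots. As an added example (not FRST's code, and not part of the advice given in this thread), the Python script below parses FRST's `Task:` lines and flags the patterns worth a second look: tasks whose target file is gone, tasks launched indirectly through pcalua.exe (the Program Compatibility Assistant launcher, whose `-a <exe>` switch runs that executable), targets sitting under temporary or cache directories, targets for which FRST printed no file date or publisher, and tasks whose name is a bare GUID. The sample lines are copied from the Addition.txt log posted later in this thread; the heuristics, the directory list and the launcher list are my own choices, not FRST rules, and the clean CCleaner and Avast lines are included so the script has something it should not flag.

```python
import re
from dataclasses import dataclass, field

# Sample input: "Task:" lines copied from the FRST Addition.txt posted in this
# thread. The parser and the heuristics below are an added example, not FRST code.
SAMPLE_TASKS = r"""
Task: {120D77D2-0230-4C8D-BDF8-5AC2837C83FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {42238797-725A-4C46-96A0-2FF070FD47D9} - System32\Tasks\{938BDF6D-12AB-453F-9E62-6A2D4F57F3A0} => pcalua.exe -a E:\VTech_toy_Setup.exe -d E:\
Task: {A6FB751B-8A5F-41E3-83C0-1BCF1BA338DA} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {DBDFC307-461A-49AD-B3CA-68E51497CA50} - System32\Tasks\{04E973FF-E6AF-4DB3-BAE1-CF1FEB2F1366} => pcalua.exe -a "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BD5CZCS\jinit.exe" -d C:\Users\Mark\Desktop
Task: {E2057AE4-81FF-4CE4-8E88-E649CF05F811} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-23] (AVAST Software)
"""

# One FRST task line: "Task: {GUID} - <name> => <command>" or "... -> No File <==== ATTENTION".
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?)"
    r"(?: => (?P<cmd>.*)| -> No File.*)$"
)
# FRST appends "[YYYY-MM-DD] (Publisher)" when it could open the target file.
STAMP_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")
GUID_NAME_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}$")
# Directories a scheduled task's binary should not normally live in (my own list).
SUSPECT_DIRS = ("temporary internet files", "\\temp\\", "\\downloads\\", "\\users\\public\\")
# Signed Windows binaries commonly used to launch something else. pcalua.exe is the
# Program Compatibility Assistant launcher; its "-a <exe>" switch runs <exe>.
PROXY_LAUNCHERS = ("pcalua.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
                   "cscript.exe", "regsvr32.exe", "cmd.exe", "powershell.exe")


@dataclass
class Finding:
    guid: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def launcher_of(cmd: str) -> str:
    """Basename of the first token of the command line, lower-cased."""
    return cmd.split()[0].strip('"').lower().rsplit("\\", 1)[-1]


def real_target(cmd: str) -> str:
    """The executable the task ends up running: follow pcalua.exe -a <exe>."""
    if launcher_of(cmd) == "pcalua.exe":
        m = re.search(r'-a\s+(?:"([^"]+)"|(\S+))', cmd)
        if m:
            return m.group(1) or m.group(2)
    return cmd


def triage_tasks(text: str) -> list:
    """Return the tasks worth a second look, most reasons first."""
    findings = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, name, cmd = m.group("guid"), m.group("name"), m.group("cmd")
        reasons = []
        if cmd is None:
            cmd = ""
            reasons.append("target file no longer exists (dangling task)")
        else:
            launcher = launcher_of(cmd)
            if launcher in PROXY_LAUNCHERS:
                reasons.append(f"indirect launch through {launcher}")
            if any(d in real_target(cmd).lower() for d in SUSPECT_DIRS):
                reasons.append("target lives in a temp/cache/download directory")
            if not STAMP_RE.search(cmd):
                reasons.append("FRST printed no file date/publisher for the target")
        if GUID_NAME_RE.search(name):
            reasons.append("task name is a bare GUID")
        if reasons:
            findings.append(Finding(guid, name, cmd, reasons))
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_tasks(SAMPLE_TASKS):
        print(f"{f.guid}  {f.name}")
        print(f"    {f.command or '(no file)'}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the two pcalua.exe tasks with GUID names come out on top, the one launching jinit.exe out of Temporary Internet Files with four reasons, while the CCleaner and Avast tasks are not reported at all. A "No File" task is only a leftover and is harmless by itself, which is why it scores one reason rather than several; the script orders the list for a human to read, it does not decide what to remove.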



#8 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • Gender:Male

Posted 02 August 2016 - 07:21 PM

Sorry about that, polskamachina. I noticed the .dds at the beginning of the file and was curious about that as well. Here is the actual logfile you requested, and thank you very much for your help; it is appreciated.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Mark (2016-07-31 05:51:50)
Running from C:\Users\Mark\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-21 05:27:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2077446205-255877225-661204788-500 - Administrator - Disabled)
Guest (S-1-5-21-2077446205-255877225-661204788-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2077446205-255877225-661204788-1002 - Limited - Enabled)
Mark (S-1-5-21-2077446205-255877225-661204788-1000 - Administrator - Enabled) => C:\Users\Mark

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
Learning Lodge™ (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Oracle JInitiator 1.3.1.9 (HKLM-x32\...\Oracle JInitiator 1.3.1.9) (Version:  - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}) (Version: 1.13.0103 - SAMSUNG)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.87.0 - Verizon)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {120D77D2-0230-4C8D-BDF8-5AC2837C83FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {30F5B8ED-9BC2-4AC0-A87E-B3145B2D102C} - System32\Tasks\Opera scheduled Autoupdate 1468450119 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-30] (Opera Software)
Task: {42238797-725A-4C46-96A0-2FF070FD47D9} - System32\Tasks\{938BDF6D-12AB-453F-9E62-6A2D4F57F3A0} => pcalua.exe -a E:\VTech_toy_Setup.exe -d E:\
Task: {49F750DF-A908-4D3F-8757-D4A8AD946F34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-23] (AVAST Software)
Task: {5DFD877C-059B-49F4-ACBD-7F5C7075E664} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {670976D4-2828-4F2A-81EA-DDF264BB8DF3} - System32\Tasks\SafeZone scheduled Autoupdate 1469312023 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {7729641D-FF3A-42A4-99C1-237508850DF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {7E718F76-8C41-4F97-9C34-9F50661882AA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {9B11D5C3-6C6A-4907-8E9B-A34182F7B8B2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {9FA4D2B7-393F-4352-ADC7-E9E817F2DB55} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-23] (Hewlett-Packard)
Task: {A6FB751B-8A5F-41E3-83C0-1BCF1BA338DA} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D4B499F5-8CB2-48BE-904A-1D9F0654F818} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {DBDFC307-461A-49AD-B3CA-68E51497CA50} - System32\Tasks\{04E973FF-E6AF-4DB3-BAE1-CF1FEB2F1366} => pcalua.exe -a "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BD5CZCS\jinit.exe" -d C:\Users\Mark\Desktop
Task: {E2057AE4-81FF-4CE4-8E88-E649CF05F811} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-23] (AVAST Software)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mark\Favorites\Verizon Links\About Verizon.lnk -> hxxp://www22.verizon.com/about/
Shortcut: C:\Users\Mark\Favorites\Verizon Links\Safety & Security.lnk -> hxxp://surround.verizon.com/Shop/Utilities/InternetSecuritySuite.aspx
Shortcut: C:\Users\Mark\Favorites\Verizon Links\Support.lnk -> hxxp://www22.verizon.com/residentialhelp/
Shortcut: C:\Users\Mark\Favorites\Verizon Links\Welcome Page.lnk -> hxxp://www22.verizon.com/ForYourHome/MyAccount/UnProtected/UserManagement/Login/Login.aspx?welcome=hsi
Shortcut: C:\Users\Mark\Favorites\My Verizon\Account.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx?session=n&goto=https%3A%2F%2Fwww22%2Everizon
Shortcut: C:\Users\Mark\Favorites\My Verizon\Message Center.lnk -> hxxp://webmail.verizon.com/signin/
Shortcut: C:\Users\Mark\Favorites\My Verizon\My Verizon Services.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx?session=n&goto=https%3A%2F%2Fwww22%2Everizon
Shortcut: C:\Users\Mark\Favorites\My Verizon\My Verizon.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
Shortcut: C:\Users\Mark\Favorites\My Verizon\Shop Verizon.lnk -> hxxp://shop.verizon.com/
Shortcut: C:\Users\Mark\Favorites\My Verizon\Support.lnk -> hxxp://www22.verizon.com/residentialhelp/
Shortcut: C:\Users\Mark\Favorites\Links\My Verizon.lnk -> hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
Shortcut: C:\Users\Mark\Favorites\Links\Verizon Message Center.lnk -> hxxp://webmail.verizon.com/signin/

==================== Loaded Modules (Whitelisted) ==============

2013-08-11 22:37 - 2013-06-20 03:58 - 00391040 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-06 15:24 - 2011-06-06 15:24 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2016-07-23 18:08 - 2016-07-23 18:08 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-29 14:21 - 2016-07-29 14:21 - 03002880 _____ () C:\Program Files\AVAST Software\Avast\defs\16072901\algo.dll
2016-07-23 18:08 - 2016-07-23 18:08 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-11-08 23:02 - 2011-02-15 17:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-11-08 23:02 - 2011-02-15 17:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-11-08 23:02 - 2011-02-15 17:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-11-08 23:02 - 2011-02-15 17:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-11-08 23:02 - 2011-02-15 16:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2013-08-11 22:37 - 2010-06-23 21:16 - 02150400 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
2013-08-11 22:37 - 2010-07-13 09:07 - 07826432 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
2013-08-11 22:37 - 2010-06-01 22:29 - 00934912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
2013-08-11 22:37 - 2010-06-01 22:28 - 00335360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
2013-08-11 22:37 - 2013-08-09 02:01 - 09849200 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
2013-08-11 22:37 - 2010-06-01 22:56 - 00232960 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
2013-08-11 22:37 - 2010-06-01 22:54 - 02530816 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-08-11 22:37 - 2010-07-05 05:19 - 00116736 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-08-11 22:37 - 2010-11-11 05:24 - 00028160 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
2013-08-11 22:37 - 2010-06-02 01:05 - 00025600 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-08-11 22:37 - 2010-06-02 01:05 - 00119808 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2016-07-23 18:08 - 2016-07-23 18:08 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2077446205-255877225-661204788-1000\...\verizon.net -> hxxps://activate.verizon.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-07-29 14:30 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2077446205-255877225-661204788-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F4558A43-1D2C-47F1-9E42-7E7D635E6A8A}] => (Allow) LPort=50000

==================== Restore Points =========================

29-07-2016 14:34:23 Revo Uninstaller's restore point - Zemana AntiMalware
29-07-2016 14:41:15 Revo Uninstaller's restore point - Windows 7 Upgrade Advisor
29-07-2016 14:42:10 Removed Windows 7 Upgrade Advisor
29-07-2016 14:59:28 Removed Adobe Acrobat Reader DC.
29-07-2016 15:00:29 Revo Uninstaller's restore point - FileHippo App Manager
29-07-2016 15:04:20 Revo Uninstaller's restore point - Adobe Flash Player 21 NPAPI
29-07-2016 15:08:58 Revo Uninstaller's restore point - Adobe Acrobat Reader DC
29-07-2016 15:09:58 Removed Adobe Acrobat Reader DC.
29-07-2016 15:18:08 Revo Uninstaller's restore point - Adobe AIR
29-07-2016 15:20:39 Revo Uninstaller's restore point - Adobe Flash Player 21 ActiveX

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: KINGSTON
Description: DataTraveler 102
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Kingston
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2016 05:38:37 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/29/2016 03:20:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 03:18:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 03:10:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 03:09:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 03:04:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 03:01:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 02:59:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 02:42:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service ZAM Controller Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/29/2016 02:42:25 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

System errors:
=============
Error: (07/31/2016 05:28:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp64

Error: (07/29/2016 02:32:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp64

Error: (07/29/2016 02:25:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147023179 = The interface is unknown.

Error: (07/29/2016 02:20:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/29/2016 02:20:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/29/2016 02:19:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp64

Error: (07/29/2016 02:17:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (07/29/2016 02:17:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.

Error: (07/29/2016 02:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

Error: (07/29/2016 02:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.

CodeIntegrity:
===================================
  Date: 2016-07-31 05:27:44.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-31 05:27:44.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\bin\epp64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-31 05:27:44.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\epp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-31 05:27:43.585
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-29 14:30:58.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\zam64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-29 14:30:58.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\zamguard64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-29 14:30:58.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-29 14:30:58.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\EEK\bin\epp64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-29 14:30:58.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\epp.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-29 14:30:57.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ II 170u Processor
Percentage of memory in use: 23%
Total physical RAM: 7935.29 MB
Available physical RAM: 6039.17 MB
Total Virtual: 10619.47 MB
Available Virtual: 7941.05 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.93 GB) (Free:407.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:6.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DBD0CD26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 142D1C1D)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================



#9 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 03 August 2016 - 10:50 AM

Hi sh4rkbyt3,
 
Good job with the Addition log. :thumbsup:
 
Now that I have all the information, I can complete my analysis. I should be able to respond within the next 24 hours.
 
polskamachina



#10 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 03 August 2016 - 03:55 PM

Hi sh4rkbyt3 :)
 
I noticed that you have two anti-virus programs installed and enabled.
 
Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and wasting vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update its definition database at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.
 
We need to remove programs using "Programs and Features".

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall ONE of the following by clicking on the below entries and selecting "Remove":

  • Emsisoft Anti-Malware, or
  • avast! Anti-virus

Additional instructions can be found here if needed.
 
Next:
 
Copy and paste the following text in its entirety into a blank Notepad window:

CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5DFD877C-059B-49F4-ACBD-7F5C7075E664} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {9B11D5C3-6C6A-4907-8E9B-A34182F7B8B2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
S2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [X]
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKU\S-1-5-21-2077446205-255877225-661204788-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Save the file to your desktop as fixlist.txt
Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work!

  • Run FRST64.exe from your download folder and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log, Fixlog.txt, on your desktop. Please copy and paste that log into your next reply to me.

In summary I will need from you:

  • Confirmation that you uninstalled one of your anti-virus programs
  • Fixlog.txt
  • How is your computer performing now?

polskamachina



#11 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 AM

Posted 03 August 2016 - 07:44 PM

Having trouble running this fix. I removed Emsisoft Antimalware as suggested. The system restarted and then I used a thumb drive to copy and paste the fixlog.txt using Notepad to the desktop from a clean computer. Upon trying to start FRST64 I got a UAC warning, told it yes to start, and then the screen icons went white and a "new" version of FRST64 appeared on the desktop and the older version was saved on the desktop to a file named "FRST-Older Version". Clicking the new version icon and then the FIX button in FRST64 displays the following message:

No fixlist.txt found
The fixlist.txt should be in the same folder/directory the tool is located.

Tried in normal mode, safe mode and safe mode with networking. Same results.
Continue to get the exact same message despite the file being located on the desktop. Even tried to drag and drop the fixlog.txt file directly into FRST64 and nothing. Searching for fixlog.txt in FRST64 has run for several hours and cannot seem to locate the file despite the fact it is on the desktop and exactly as it was written by yourself.



#12 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 03 August 2016 - 09:14 PM

Hi sh4rkbyt3 :)

Sorry to hear you're having trouble running the fix.

Even tried to drag and drop the fixlog.txt file directly into FRST64 and nothing.

Please make sure you named the file fixlist.txt and NOT fixlog.txt. In fact, it wouldn't hurt to:

  • Right-click the fixlist.txt file
  • Choose rename
  • Erase the old name however it appears
  • Re-enter the name, fixlist.txt
  • Try running the fix again.

Even if you're still unable to run the fix, you should have noticed some improvement in performance by removing the extra anti-virus program. How is your computer performing now?

polskamachina



#13 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 AM

Posted 04 August 2016 - 08:20 PM

There was no change after removing the Emsisoft AntiMalware. In fact it seems to have gotten worse. Now, trying to start up the computer, it won't even boot. I get the Compaq Start Screen, a flashing cursor in the upper left hand corner, and then it self-launches Startup Repair on its own but only shows a black screen. I can't even get to the desktop now to check that filename. A box popped up so fast I couldn't even see anything except the outline, and now I am showing an underwater type background on the screen only. The arrow cursor is on the screen but no icons, no anything.



#14 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 415 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:59 AM

Posted 04 August 2016 - 08:48 PM

The computer has actually gotten worse not better. Now it will not even boot correctly. It shows the Compaq Start Up screen then goes to a black screen with a flashing cursor in the upper left hand corner, then launches Startup Repair on its own. The CPU light shows it running all of the time. An underwater (looking up) background screen appears and then 5-10 mins later Startup Repair actually begins running.
This appears to be getting worse very quickly not better.

I'm allowing Startup Repair to run and I'll let you know what shows up next, hopefully. The CPU light is just staying on full-time at this point and isn't even flashing.

Ok after an hour it's still running and I have to get up early for work so I'll just let it run and see what it says or does in the morning.



#15 polskamachina

polskamachina

  • Malware Response Team
  • 3,993 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:59 AM

Posted 05 August 2016 - 01:05 PM

Hi sh4rkbyt3 :)

Sorry to hear about this new problem.

An underwater (looking up) background screen appears

Does this background screen look distorted or do subsequent menus or text look abnormal?

If the Startup Repair was unsuccessful, let's see if you can boot into safe mode. Directions are here if you need them. If by some chance your system is still performing the Startup Repair after so many hours and the hard drive light is still solid (with absolutely no blinking at all), then manually shut down the computer by pressing and holding the power button until the power goes off.

In summary, I will need to know how your computer is performing or where it gets stuck in the boot process.

Let me know if you have any questions.

polskamachina
