Firefox/Avast Malware Help


16 replies to this topic

#1 Dell95

  • Members
  • 8 posts

Posted 09 September 2016 - 02:07 AM

Hello all,

I'll keep this short!

Avast is throwing me the following message upon start up of Firefox.

I've scanned and cleaned with both Avast and Malwarebytes but I'm still getting the same message.

[attached screenshot: Pic_zpsv5ky9rbf.jpg]

Thanks heaps,




#2 satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK

Posted 09 September 2016 - 02:52 AM

Hello Dell95 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

 

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
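
Once the logs requested above come back, the responder's first pass over the FRST output is mechanical enough to script. The helper below is an added example for this thread, not code from FRST, AdwCleaner or JRT, and not part of either post. It parses FRST-style lines and lists the entries a responder reads first: items FRST itself marks with ATTENTION, services and drivers whose binary is missing ([X]) or unsigned ([File not signed]), MountPoints2 autorun handlers, and the Hosts-file warning. The sample log is constructed in FRST's format; a few lines mirror entries in the log posted later in this thread, the rest are benign filler. The category names and severity labels are this script's own convention (an assumption), not anything FRST defines.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log text.

Added example for this thread; not code from FRST, AdwCleaner or JRT.
It reads FRST-style lines and pulls out what a responder reads first:
entries FRST itself marks with ATTENTION, services/drivers whose binary
is missing ([X]) or unsigned ([File not signed]), MountPoints2 autorun
entries, and the Hosts-file warning. Category names and severities are
this script's own convention (assumption), not anything FRST defines.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in FRST's output format. A few lines mirror entries in
# the log posted later in this thread; the rest are benign filler so the
# filter has something to leave alone.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962101-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) ========================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-12] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 FXNADB; C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [X]
===================== Drivers (Whitelisted) ==========================
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-14] (AVAST Software)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2007-02-14] (Samsung Electronics Co., Ltd.) [File not signed]
S3 TVicHW32; \??\C:\Windows\system32\DRIVERS\TVicHW32.SYS [X]
"""

# "==== Section name ====" banner. Requiring whitespace on both sides keeps a
# bare "=======" underline (as under "Chrome:") from being taken for a header.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# Service/driver entry: "<start type> <name>; <path> [size date] (signer) [flags]"
SVC_RE = re.compile(r"^([RSU]\d)\s+(.+?);\s+(.+)$")
# Autorun handler cached under MountPoints2: "<drive letter or GUID> - <target>"
MOUNT_RE = re.compile(r"\\MountPoints2:\s+(\S+)\s+-\s+(.+)$")
ATTENTION_MARK = "<======= ATTENTION"


@dataclass(frozen=True)
class Finding:
    section: str
    category: str
    severity: str
    line: str


def triage_frst(text: str) -> list[Finding]:
    """Return the review-worthy entries of an FRST log, in log order."""
    findings: list[Finding] = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        # FRST's own flag (policy restrictions, dev builds, and similar).
        if ATTENTION_MARK in line:
            findings.append(Finding(section, "frst-attention", "high", line))
            continue
        svc = SVC_RE.match(line)
        if svc:
            details = svc.group(3)
            # [X]: the registered binary is not on disk (FRST appends it last).
            if details.endswith("[X]"):
                findings.append(Finding(section, "missing-binary", "medium", line))
            elif "[File not signed]" in details:
                findings.append(Finding(section, "unsigned-binary", "low", line))
            continue
        if MOUNT_RE.search(line):
            # Autorun handler remembered for a removable or optical drive.
            findings.append(Finding(section, "mountpoints2-autorun", "medium", line))
            continue
        if line.startswith("Hosts:") and "more than one entry" in line:
            findings.append(Finding(section, "hosts-modified", "medium", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def names_flagged(findings: list[Finding], category: str) -> list[str]:
    """Service/driver names behind the findings of one category."""
    names = []
    for f in findings:
        if f.category == category:
            m = SVC_RE.match(f.line)
            if m:
                names.append(m.group(2))
    return names


if __name__ == "__main__":
    results = triage_frst(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category:22} {f.section}: {f.line}")
    print(summarize(results))
```

The output is a reading order, not a removal list: an unsigned driver is often a legitimate legacy printer or OEM component, and a missing-binary service is usually a leftover rather than active malware. Removals still belong in the helper's fixlist after the full FRST.txt and Addition.txt have been read.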


#3 Dell95

  • Topic Starter
  • Members
  • 8 posts

Posted 09 September 2016 - 03:25 AM

Hi Satchfan,

Please find the following completed.

# AdwCleaner v6.010 - Logfile created 09/09/2016 at 17:57:54
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-09.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X86)
# Username : Nicholas - DELL-STUDIO
# Running from : C:\Users\Nicholas\Downloads\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files\PaRiceMinnus
[-] Folder deleted: C:\ProgramData\100fb94962ddc678
[-] Folder deleted: C:\ProgramData\ProiceDuoawnlloader
[-] Folder deleted: C:\ProgramData\{9d85ffa6-3e8b-31e9-9d85-5ffa63e8fe98}
[-] Folder deleted: C:\Program Files\Common Files\freemake shared


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\F8BD2F58-181C-49D0-8A1E-2BE9E5C93F00
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ProductUpdater]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}_is1
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\WEBAPP
[#] Key deleted on reboot: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\SweetIM
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\SupDp
[#] Key deleted on reboot: HKLM\SOFTWARE\SUPDP
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.searchengine.iconURL" -  "hxxp://do-search.com/web/favicon.ico"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3336 Bytes] - [09/09/2016 17:57:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [3474 Bytes] - [09/09/2016 17:56:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3482 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x86
Ran by Nicholas (Administrator) on Fri 09/09/2016 at 18:07:40.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 19

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Program Files\mozilla firefox\plugins\nptrademanager.dll (File)
Successfully deleted: C:\Program Files\004 (Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z54OGTL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60UFHI7C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WONY10A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIWTUUO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXR4CQZX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY1MP02H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS2VO60Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB5VBFBX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Z54OGTL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60UFHI7C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7WONY10A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BIWTUUO6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXR4CQZX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JY1MP02H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS2VO60Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB5VBFBX (Temporary Internet Files Folder)

Deleted the following from C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767\prefs.js
user_pref(browser.search.searchengine.alias, );
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.name, );
user_pref(browser.search.searchengine.ptid, cor);
user_pref(browser.search.searchengine.uid, WDCXWD7500BPVT-16HXZT3_WD-WX71AA1S3400S3400);
user_pref(extensions.quick_start.enable_search1, false);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);



Registry: 1

Successfully deleted: HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0 (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/09/2016 at 18:10:26.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Nicholas (administrator) on DELL-STUDIO (09-09-2016 18:18:14)
Running from C:\Users\Nicholas\Desktop
Loaded Profiles: Nicholas (Available Profiles: Nicholas)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\Nicholas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_60\bin\jp2launcher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [357384 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3161608 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [UVS10 Preload] => C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-09] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation)
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\Run: [Mobile Partner] => C:\Program Files\pocketwifi\pocketwifi
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\Run: [Spotify Web Helper] => C:\Users\Nicholas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-08] (Spotify Ltd)
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {1e2f59f8-bfc8-11e5-9f93-002219e84549} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962101-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962102-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-12] (AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-09-09]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{410EA5DA-CB18-4D37-9161-AEAD8801E25D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ADDEC05B-1FE5-4831-B419-05D2F824BC25}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F41766D3-0E18-41EF-8F12-66AB97008D9E}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-16] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3516276756-2783399779-2035192171-1000: @seedonk.com/SeeVWidget,version=1.0.0.0 -> C:\Program Files\iSecurityPlusPlayer\npseev.dll [2012-10-04] (Seedonk Inc)
FF Plugin HKU\S-1-5-21-3516276756-2783399779-2035192171-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nicholas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-26] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-10-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-10-20] (Apple Inc.)
FF Extension: (English (Australian) Dictionary) - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767\Extensions\en-AU@dictionaries.addons.mozilla.org [2015-04-20] [not signed]
FF Extension: (British English Dictionary (Updated)) - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767\Extensions\en-gb@flyingtophat.co.uk [2015-04-20] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-15] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-12]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-12] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_61cf005dca0fb599\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 FXNADB; C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-12] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2007-02-14] (Samsung Electronics Co., Ltd.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [269536 2008-09-19] (Creative Technology Ltd.)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2016-05-10] () [File not signed]
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-30] (Prolific Technology Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2007-02-14] (Samsung Electronics) [File not signed]
S3 TVicHW32; \??\C:\Windows\system32\DRIVERS\TVicHW32.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 18:18 - 2016-09-09 18:20 - 00017732 _____ C:\Users\Nicholas\Desktop\FRST.txt
2016-09-09 18:18 - 2016-09-09 18:18 - 00000000 ____D C:\FRST
2016-09-09 18:17 - 2016-09-09 18:17 - 01747968 _____ (Farbar) C:\Users\Nicholas\Desktop\FRST.exe
2016-09-09 18:10 - 2016-09-09 18:10 - 00004143 _____ C:\Users\Nicholas\Desktop\JRT.txt
2016-09-09 18:05 - 2016-09-09 18:05 - 01610560 _____ (Malwarebytes) C:\Users\Nicholas\Desktop\JRT.exe
2016-09-09 18:04 - 2016-09-09 18:10 - 00000000 ____D C:\Users\Nicholas\Desktop\Dumps
2016-09-09 17:54 - 2016-09-09 17:57 - 00000000 ____D C:\AdwCleaner
2016-09-09 17:53 - 2016-09-09 17:53 - 03826240 _____ C:\Users\Nicholas\Downloads\adwcleaner_6.010.exe
2016-08-17 14:28 - 2016-07-09 01:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-11 10:14 - 2016-08-03 00:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-11 10:14 - 2016-08-02 16:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-11 10:14 - 2016-08-02 15:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-11 10:14 - 2016-08-02 15:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-11 10:14 - 2016-08-02 15:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-11 10:14 - 2016-08-02 15:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-11 10:14 - 2016-08-02 15:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-11 10:14 - 2016-08-02 15:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-11 10:14 - 2016-08-02 15:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-11 10:14 - 2016-08-02 15:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-11 10:14 - 2016-08-02 15:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-11 10:14 - 2016-08-02 15:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-11 10:14 - 2016-08-02 15:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-11 10:14 - 2016-08-02 15:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-11 10:14 - 2016-08-02 15:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-11 10:14 - 2016-08-02 15:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-11 10:14 - 2016-08-02 15:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-11 10:14 - 2016-08-02 14:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-11 10:14 - 2016-08-02 14:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-11 10:13 - 2016-08-02 16:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-11 10:13 - 2016-08-02 15:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-11 10:13 - 2016-08-02 15:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-11 10:13 - 2016-08-02 15:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-11 10:13 - 2016-08-02 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-11 10:13 - 2016-08-02 15:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-11 10:13 - 2016-08-02 15:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-11 10:13 - 2016-08-02 15:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-11 10:13 - 2016-08-02 15:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-11 10:13 - 2016-08-02 15:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-11 10:13 - 2016-08-02 15:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-11 10:13 - 2016-08-02 15:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-11 10:13 - 2016-08-02 15:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-11 10:13 - 2016-08-02 15:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-11 10:13 - 2016-08-02 15:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-11 10:13 - 2016-08-02 14:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 13:09 - 2016-07-09 01:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 13:09 - 2016-07-09 01:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 13:09 - 2016-07-09 01:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 13:09 - 2016-07-09 01:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 13:09 - 2016-07-09 00:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 13:09 - 2016-07-09 00:53 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 13:09 - 2016-07-09 00:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 13:09 - 2016-07-09 00:51 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 13:09 - 2016-07-09 00:51 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 13:09 - 2016-07-09 00:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 13:09 - 2016-07-09 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 13:09 - 2016-07-09 00:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 18:17 - 2012-09-15 13:22 - 00018544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-09 18:17 - 2012-09-15 13:22 - 00018544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-09 18:13 - 2012-09-15 15:43 - 00000000 ____D C:\Program Files\Steam
2016-09-09 18:12 - 2013-08-14 23:37 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-09 18:12 - 2009-07-14 14:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-09 18:02 - 2016-08-01 16:38 - 00001829 _____ C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-09 18:02 - 2016-07-12 14:19 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-09 18:02 - 2013-06-28 14:37 - 00001251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-09-09 18:02 - 2013-06-28 14:36 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-09 18:02 - 2013-06-28 14:11 - 00001918 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
2016-09-09 18:02 - 2013-02-02 18:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-09 18:02 - 2012-11-06 17:41 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
2016-09-09 18:02 - 2012-11-05 17:35 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2016-09-09 18:02 - 2012-09-15 16:09 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2016-09-09 18:02 - 2012-09-15 15:51 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-09 18:02 - 2012-09-15 13:54 - 00001393 _____ C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-09 18:02 - 2012-09-15 13:24 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-09 18:02 - 2012-09-15 13:24 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-09 18:02 - 2012-09-13 22:13 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-09 18:02 - 2009-07-14 14:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-09 18:02 - 2009-07-14 14:42 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-09-09 18:02 - 2009-07-14 14:42 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-09 18:02 - 2009-07-14 14:42 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-09 18:02 - 2009-07-14 14:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-09 18:01 - 2016-05-10 13:47 - 00001971 _____ C:\Users\Public\Desktop\Halo.lnk
2016-09-09 18:01 - 2015-05-28 17:48 - 00001018 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-09 18:01 - 2015-01-19 21:30 - 00001822 _____ C:\Users\Public\Desktop\Pixlr .lnk
2016-09-09 18:01 - 2013-02-02 18:36 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-09-09 18:01 - 2013-01-18 16:22 - 00001083 _____ C:\Users\Public\Desktop\LaserBee Interface.lnk
2016-09-09 18:01 - 2009-07-14 14:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-09 18:01 - 2009-07-14 14:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-09 18:00 - 2016-08-01 16:38 - 00001823 _____ C:\Users\Nicholas\Desktop\Spotify.lnk
2016-09-09 18:00 - 2015-04-18 19:12 - 00001857 _____ C:\Users\Nicholas\Desktop\PokerStars.lnk
2016-09-09 18:00 - 2014-01-05 19:49 - 00000939 _____ C:\Users\Nicholas\Desktop\Mozilla Firefox.lnk
2016-09-09 18:00 - 2014-01-03 19:25 - 00002042 _____ C:\Users\Nicholas\Desktop\SDFormatter.lnk
2016-09-09 18:00 - 2012-09-15 15:43 - 00000875 _____ C:\Users\Nicholas\Desktop\Steam.lnk
2016-09-09 17:24 - 2013-08-14 23:37 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-09 15:41 - 2015-05-28 17:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-09 15:32 - 2012-09-15 16:08 - 00000000 ____D C:\Users\Nicholas\AppData\Local\Paint.NET
2016-09-06 18:15 - 2012-09-15 15:58 - 00000000 ____D C:\Users\Nicholas\Desktop\Music 1
2016-09-06 17:15 - 2016-07-22 11:42 - 00000000 ____D C:\Users\Nicholas\Desktop\Docs
2016-09-05 10:20 - 2013-09-04 16:42 - 00000000 ____D C:\Users\Nicholas\Desktop\My Camera
2016-08-30 23:09 - 2014-06-07 21:02 - 00000000 ____D C:\Users\Nicholas\AppData\Local\PokerStars
2016-08-30 13:36 - 2012-11-10 14:01 - 00000000 ____D C:\Users\Nicholas\AppData\Roaming\Skype
2016-08-30 13:35 - 2016-07-12 14:51 - 00000000 ___RD C:\Program Files\Skype
2016-08-30 13:35 - 2012-11-10 14:01 - 00000000 ____D C:\ProgramData\Skype
2016-08-30 13:31 - 2012-09-15 15:43 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-08-18 17:33 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\rescache
2016-08-13 20:58 - 2016-04-28 12:42 - 00000000 ____D C:\Users\Nicholas\AppData\Local\Mixxx
2016-08-12 15:48 - 2010-11-21 07:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-12 15:48 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\inf
2016-08-11 09:19 - 2009-07-14 14:33 - 00327080 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2012-10-23 17:17 - 2015-06-02 20:05 - 0005120 _____ () C:\Users\Nicholas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Nicholas\AppData\Local\Temp\comver.dll
C:\Users\Nicholas\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Nicholas\AppData\Local\Temp\libeay32.dll
C:\Users\Nicholas\AppData\Local\Temp\msvcr120.dll
C:\Users\Nicholas\AppData\Local\Temp\old haloupdate.exe
C:\Users\Nicholas\AppData\Local\Temp\pidgen.dll
C:\Users\Nicholas\AppData\Local\Temp\pvz9ivva.dll
C:\Users\Nicholas\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicholas\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 11:42

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Nicholas (09-09-2016 18:21:01)
Running from C:\Users\Nicholas\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2012-09-15 03:53:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3516276756-2783399779-2035192171-500 - Administrator - Disabled)
Guest (S-1-5-21-3516276756-2783399779-2035192171-501 - Limited - Disabled)
Nicholas (S-1-5-21-3516276756-2783399779-2035192171-1000 - Administrator - Enabled) => C:\Users\Nicholas

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AliIM Plugins for Browser (HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\AliIM Plugins for Browser) (Version: 1.0 - Alibaba(China) Co., Ltd)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{E4AAB0A5-482C-0048-3D37-57A3965601B6}) (Version: 3.0.699.0 - ATI Technologies, Inc.)
Autodesk Pixlr (HKLM\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)
Autodesk Pixlr (Version: 1.0.3.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 12.1.2272 - AVAST Software)
BitMinter Client (HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\BitMinter Client) (Version:  - BitMinter.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.22.02 - Broadcom Corporation)
Call of Duty: Ghosts - Multiplayer (HKLM\...\Steam App 209170) (Version:  - )
ccc-core-static (Version: 2008.1114.2149.39131 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version:  - NCH Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
DocuPrint CM205 f_fw (HKLM\...\InstallShield_{E9D46BC6-2981-45FF-B062-3A63E78766B0}) (Version: 1.009.00 - Fuji Xerox)
DocuPrint CM205 f_fw (Version: 1.009.00 - Fuji Xerox) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.2.1.5 (10/10/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Express Zip (HKLM\...\ExpressZip) (Version:  - NCH Software)
Freemake Video Converter version 4.1.7 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)
iExplorer 3.2.2.2 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Integrated Webcam Driver (1.00.03.0919)   (HKLM\...\Creative OA008) (Version:  - )
Intel® PROSet/Wireless WiFi Driver (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel® Corporation)
iSecurity+ Player version 1.0.6 (HKLM\...\{32477CC4-DF51-4834-A3E3-5ED765ABC044}_is1) (Version: 1.0.6 - Seedonk, Inc.)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
LaserBee Interface (HKLM\...\LPM_Interface_is1) (Version: 2.2.0.3 - )
Logitech GamePanel Software 3.03.133 (HKLM\...\{6CC95B76-D380-46B2-9022-9353938E48BA}) (Version: 3.03.133 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Halo (HKLM\...\Halo) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mixxx 2.0.0 (HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-GB)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenSSL 1.0.1c Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
pocketwifi (HKLM\...\pocketwifi) (Version: TOOL-ConnLaucher_WIN1.01.01.737 - Huawei Technologies Co.,Ltd)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PS3 Theme Builder 2.5 (HKLM\...\{3569D403-23C1-4432-9A33-3E82C47BE470}_is1) (Version:  - LiliChan Software)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.05 - RICOH)
SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skins (Version: 2008.1114.2149.39131 - ATI) Hidden
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.2.7 - SmartSound Software Inc) Hidden
SpinTires Tech Demo (June 060613) (HKLM\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Spotify (HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPER © v2012.build.53 (Sep 13, 2012) version v2012.build.53 (HKLM\...\{8F311E72-C27F-4DF0-8254-B739A1831668}_is1) (Version: v2012.build.53 - eRightSoft)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ulead VideoStudio 10 (HKLM\...\{E188D820-1218-4E28-8BCA-91134C3664C2}) (Version: 10.0 - Ulead Systems)
Unity Web Player (HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xerox Phaser 3200MFP (HKLM\...\Xerox Phaser 3200MFP) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Nicholas\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FF37AD4-FFA4-48E5-85D3-B7539F2F0885} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-12] (AVAST Software)
Task: {18DA6E0D-8567-4886-8F3D-5D2687052A20} - System32\Tasks\{C2D65430-C1C9-4D6D-B497-047D31FC7532} => C:\Users\Nicholas\Desktop\50lions\50lions\Mainsys.exe
Task: {278392F0-E4E1-4FD4-8724-2551B17CCFEE} - System32\Tasks\SafeZone scheduled Autoupdate 1468297159 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {30061181-C374-4735-B3B6-28BC6432780C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {54F9B8E5-475E-46A4-8EAE-9B9B1B6EE0D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {60DCC0A1-5E1E-44CA-9238-E868EC2D9BAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-23] (Piriform Ltd)
Task: {C4440F3C-74B0-4934-8D06-57933F8F9E57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {C6F70822-B664-47FC-AE97-9348F9CEE0C4} - System32\Tasks\{4478A926-3E28-4EF4-8621-DB2939FE6C22} => pcalua.exe -a C:\Users\Nicholas\Desktop\MoparScapeInstall.exe -d C:\Users\Nicholas\Desktop
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nicholas\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
Shortcut: C:\Users\Nicholas\Desktop\Music 1\RSPS 525\Client.lnk -> C:\Users\Nicholas\Desktop\Music 1\RSPS 525\Insidia 2 Package\InsidiaX 2\1. Run Client.bat ()
Shortcut: C:\Users\Nicholas\Desktop\Music 1\RSPS 525\Source.lnk -> C:\Users\Nicholas\Desktop\Music 1\RSPS 525\Insidia 2 Package\Insidia Source 2\run.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-07-12 12:06 - 2016-07-12 12:06 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-09 11:09 - 2016-09-09 11:09 - 03084464 _____ () C:\Program Files\AVAST Software\Avast\defs\16090802\algo.dll
2016-07-12 12:06 - 2016-07-12 12:06 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-06-03 21:18 - 2011-11-18 10:00 - 00019456 _____ () C:\Windows\System32\fxhk4alm.dll
2013-02-20 19:03 - 2007-06-01 10:50 - 00022723 _____ () C:\Windows\System32\ps3200l3.dll
2013-06-03 21:18 - 2012-04-28 10:26 - 15071744 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\fxhk4aRC.DLL
2012-11-06 17:41 - 2012-11-06 17:41 - 00083456 _____ () C:\Program Files\NCH Software\ExpressZip\ezcm.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-12 12:07 - 2016-07-12 12:07 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\seedonk.com -> hxxp://www.seedonk.com
IE trusted site: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\seedonk.com -> hxxps://www.seedonk.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 20:23 - 2014-03-02 15:36 - 00000789 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
74.208.10.249 gs.apple.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicholas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39215BE7-1A73-4AFD-BD41-9C0E6D3313F6}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{356DCD18-3084-4087-9135-3DB8A964DF85}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{489DFC1C-1982-4DB3-B7ED-619F24F60CA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A223C4B-30E6-4DDC-9923-23DF08EF3F1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99B18449-8C2A-4426-B284-FC47E1EBF11A}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{82E4EFF0-17B3-4C55-8749-53B87797C3A2}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{15FD549A-F1AA-4992-BEAF-70B32D1A405A}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{920A9591-79AE-4B40-93A7-5BFD3ADC84FD}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{BABB756C-3A49-468E-81AA-35D54832503C}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{20C6EEAC-7E26-4485-9FBC-AA67BD0CE69B}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{594EDE22-5ABB-4509-B2B6-13DD556DE94C}C:\windows\system32\java.exe] => (Block) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{CCA265D5-63EA-4385-850A-5E4D098053ED}C:\windows\system32\java.exe] => (Block) C:\windows\system32\java.exe
FirewallRules: [{957A0F8E-F50F-47F8-8902-F892B0CD4793}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{3B2BD095-23C1-4616-A0C9-14500E57534A}C:\users\nicholas\desktop\patchblocker.exe] => (Allow) C:\users\nicholas\desktop\patchblocker.exe
FirewallRules: [UDP Query User{086D34AD-02E0-4E6A-B188-A655D94A41B6}C:\users\nicholas\desktop\patchblocker.exe] => (Allow) C:\users\nicholas\desktop\patchblocker.exe
FirewallRules: [TCP Query User{E876A512-1261-4B6E-8152-F0B7A4EC34FF}C:\users\nicholas\documents\downloads\patchblocker.exe] => (Allow) C:\users\nicholas\documents\downloads\patchblocker.exe
FirewallRules: [UDP Query User{71E103C9-5DBF-4CFD-B019-5B577369F36D}C:\users\nicholas\documents\downloads\patchblocker.exe] => (Allow) C:\users\nicholas\documents\downloads\patchblocker.exe
FirewallRules: [{2FE671C1-A1D7-4134-AD49-025BE2B36332}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{009AB384-F6DE-43DD-AFE7-9635E2F09D67}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5D2007E1-1F83-4870-82B4-7848F18E465A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{8567DC41-86D0-48D8-B461-E4513165456B}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{CD5834AE-28B8-4CD6-B423-7CD7D3DE080B}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{17E7DB77-71CB-46D0-9531-14186183F664}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{0078A29B-805F-40CE-9C20-CA19083B78CE}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{280B737B-9560-4E4C-ACB4-B913333576FF}] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{667E9D04-BE88-41D4-B174-9DE75C112DF1}] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{E007ED3B-D73B-467B-B0B3-FC76C901FBEF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D1AA1073-35B1-438C-B88C-028857484EDC}] => (Allow) LPort=2869
FirewallRules: [{A553B62A-2E07-4602-AC8C-A94089BB71ED}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{3028657F-11B6-4920-8F7D-B7D66DB9927F}C:\users\nicholas\downloads\pocketmine-mp\bin\php\php.exe] => (Block) C:\users\nicholas\downloads\pocketmine-mp\bin\php\php.exe
FirewallRules: [UDP Query User{1A3C49AB-1E50-40DD-8CE9-46B71CF83EFC}C:\users\nicholas\downloads\pocketmine-mp\bin\php\php.exe] => (Block) C:\users\nicholas\downloads\pocketmine-mp\bin\php\php.exe
FirewallRules: [TCP Query User{324AFF46-150D-4666-8BAA-6B3ED834BC57}C:\program files\bitcoin\bitcoin-qt.exe] => (Block) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{F7E2588B-2819-4924-B254-DD10E0C0DB27}C:\program files\bitcoin\bitcoin-qt.exe] => (Block) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{C3A61702-8F58-425C-9830-DC9A73A6D13D}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{AC85A45C-4A38-4DBA-B8E8-0C6B1A943033}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{ED55CC7A-0197-4986-AC39-2E6F073BBA80}C:\users\nicholas\desktop\doge coin\dogecoin-qt.exe] => (Allow) C:\users\nicholas\desktop\doge coin\dogecoin-qt.exe
FirewallRules: [UDP Query User{6E394B23-9AA6-4826-A3E5-D1CC1FC8CCA2}C:\users\nicholas\desktop\doge coin\dogecoin-qt.exe] => (Allow) C:\users\nicholas\desktop\doge coin\dogecoin-qt.exe
FirewallRules: [{C7301CD7-9716-4249-BABB-6D1BA5D9368D}] => (Block) C:\users\nicholas\desktop\doge coin\dogecoin-qt.exe
FirewallRules: [{FFF231AA-AF04-4372-A9B8-AB208F655192}] => (Block) C:\users\nicholas\desktop\doge coin\dogecoin-qt.exe
FirewallRules: [{BA48CD66-09D4-48E8-8D23-B0D423F25021}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{376295A9-BE0D-4975-94CD-31AE73CE2B49}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{3A99AF86-7521-4E43-BC05-E0CA1E9CFB62}C:\users\nicholas\downloads\tinyumbrella-7.04.00.exe] => (Block) C:\users\nicholas\downloads\tinyumbrella-7.04.00.exe
FirewallRules: [UDP Query User{658FF025-ABBF-4911-9A4C-679297E01E24}C:\users\nicholas\downloads\tinyumbrella-7.04.00.exe] => (Block) C:\users\nicholas\downloads\tinyumbrella-7.04.00.exe
FirewallRules: [{B237ED94-551E-4A8F-BB4A-BDC13F206969}] => (Allow) C:\Program Files\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{B18B5EAE-B43C-40A6-825A-120675F5E145}] => (Allow) C:\Program Files\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe
FirewallRules: [{79EAD2DB-5DB9-4C0D-B133-CA7830EFA453}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B1A2D301-F8F3-4E40-9A51-6DE2AFC440A5}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{159ABDDD-692C-4EBD-9E8F-42BA26E9E080}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{B84EEA2D-5859-4A08-ADC3-22206DB668DD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E80F1726-8B19-4080-B1A4-839C0FBF511A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{E340667C-0202-425D-B301-961B0A58304A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{35C42194-A94A-4A30-9075-6E341938067C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A56EF09-981E-4A5F-B7FF-E90B3A8FC0FC}C:\program files\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{8D244FFC-9D48-48F9-8121-F8E9F7D3A85D}C:\program files\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [{B8EA7E35-5B6A-47B2-A4EE-97ADDECA9DBF}] => (Block) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [{91B12324-E2D3-44C1-A0D6-6DB6DF7639A2}] => (Block) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [{50CC8D70-6FFB-4D05-BCD9-211DAFA71612}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F49FF5F6-B2C3-4701-AA48-D70F9DB46CF0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D6F218E0-D6B9-4232-A989-28D9DADD7688}C:\program files\java\jdk1.8.0_31\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_31\bin\jmc.exe
FirewallRules: [UDP Query User{5AE47895-3190-4488-81CB-DFBB3605764E}C:\program files\java\jdk1.8.0_31\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_31\bin\jmc.exe
FirewallRules: [TCP Query User{B907DD26-957D-4EBB-AEB8-EAB7DDA39A99}C:\program files\java\jdk1.8.0_31\bin\java.exe] => (Block) C:\program files\java\jdk1.8.0_31\bin\java.exe
FirewallRules: [UDP Query User{2F3FD617-A621-40B4-BCEA-268F81AAE1CD}C:\program files\java\jdk1.8.0_31\bin\java.exe] => (Block) C:\program files\java\jdk1.8.0_31\bin\java.exe
FirewallRules: [TCP Query User{3EA46D5F-573C-40DE-B642-B504B1F7951E}C:\program files\java\jre1.8.0_31\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [UDP Query User{9E21F305-E615-42B7-98FC-683A42832BF4}C:\program files\java\jre1.8.0_31\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [{02C9D67F-39A8-4F1B-AE21-A6A662C64AC4}] => (Block) C:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [{881540E6-B866-4E89-AD93-AB5B29DB5376}] => (Block) C:\program files\java\jre1.8.0_31\bin\java.exe
FirewallRules: [TCP Query User{48E89F15-22B9-4CA6-9679-FB697E28BD14}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8164169D-0F25-4F0F-AC2D-755BD58772C3}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0507D631-93B3-46D0-9104-C26893AC7B94}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E9C2F140-703A-4C9B-8AB0-E147EC07783C}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8E6FF8B9-3DC4-4E87-8773-26B4E1FFE786}C:\program files\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files\Java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [UDP Query User{844AD344-4CC9-4D49-8C88-41046ED94898}C:\program files\Java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files\Java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [{9514A18C-D41F-4667-A4FE-DFA40B74BF68}] => (Block) C:\program files\Java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [{95F8A943-D138-44D8-A04D-DE48B2C455F6}] => (Block) C:\program files\Java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [TCP Query User{AC01C690-D560-4F0C-932F-02DFB074E93A}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{0E5790E6-F238-4302-B97F-1A6D317CDA6C}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{A9217AE5-F62D-47CC-A515-BB05A7E61328}] => (Block) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{25C21DC3-9662-425D-9F3E-0116272D0195}] => (Block) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{FF7CA54B-3612-4516-919C-557B6669937A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3E2D0B96-ABAA-41ED-A607-D076E38A1886}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{6760CE31-6998-4A05-B386-4F439C4DC7DA}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{C8DD051E-59C3-4F11-9A2C-938710FA2CCE}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{BA087306-3D85-4CB7-8805-7486D213F3FD}] => (Block) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{F58C2368-7DE4-4274-90BB-8AE12D30D49C}] => (Block) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{16CFC62C-C1F6-4452-9838-3ABF860DFF87}C:\program files\microsoft games\halo\halo.exe] => (Block) C:\program files\microsoft games\halo\halo.exe
FirewallRules: [UDP Query User{ECBD8CE6-04F9-4534-A4E4-5058F3311D2F}C:\program files\microsoft games\halo\halo.exe] => (Block) C:\program files\microsoft games\halo\halo.exe
FirewallRules: [TCP Query User{4806B4A2-3F7A-4AD7-8B3D-3A179F30EEC3}C:\users\nicholas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0F56A335-FB78-422B-9B3C-DB91D7FF4327}C:\users\nicholas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicholas\appdata\roaming\spotify\spotify.exe

==================== Restore Points =========================

08-09-2016 17:36:38 Scheduled Checkpoint
09-09-2016 18:07:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2016 06:12:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/09/2016 05:59:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/09/2016 11:10:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2016 03:05:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x115c
Faulting application start time: 0x01d2098ea6f80d2f
Faulting application path: C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Faulting module path: C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Report Id: e8782c40-7581-11e6-bf06-002219e84549

Error: (09/08/2016 03:00:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/07/2016 12:45:01 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Event-ID 1

Error: (09/07/2016 11:34:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2016 09:35:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2016 10:19:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/04/2016 12:50:46 PM) (Source: Google Update) (EventID: 1) (User: NT AUTHORITY)
Description: Event-ID 1


System errors:
=============
Error: (09/09/2016 06:12:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the device specified.

Error: (09/09/2016 06:12:04 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/09/2016 06:12:04 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/09/2016 06:12:03 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/09/2016 06:12:03 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/09/2016 05:59:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
The system cannot find the device specified.

Error: (09/09/2016 05:59:16 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/09/2016 05:59:16 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/09/2016 05:59:14 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/09/2016 05:59:14 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


CodeIntegrity:
===================================
  Date: 2016-09-09 18:11:54.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 18:11:53.836
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 17:59:05.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 17:59:05.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 11:07:38.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-09 11:07:38.616
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 14:59:28.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 14:59:28.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-07 11:33:01.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-07 11:33:01.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 3066.86 MB
Available physical RAM: 1596.67 MB
Total Virtual: 6132.04 MB
Available Virtual: 4410.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.63 GB) (Free:524.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: C7C32F03)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks,
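The Addition.txt log above lists dozens of FirewallRules entries and the contents of the hosts file, and a reader has to eyeball them for anything odd. The script below is an added example for this thread, not part of FRST and not code from the thread: it parses those FRST line formats and flags two things a responder would look at first, Allow rules for programs living in user-writable folders (AppData, Desktop, Downloads, Documents) and hosts entries that point a name at a routable address rather than loopback. The sample lines are copied from the log posted above; the folder list and the `triage_addition_txt` helper are my own choices.

```python
"""Triage helpers for the FirewallRules and Hosts sections of an FRST Addition.txt.

Added example for this thread; it is not part of FRST and not code from the
thread. The sample lines below are copied from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of an FRST FirewallRules line (three variants seen in the log above):
#   FirewallRules: [{GUID}] => (Allow) C:\path\to\program.exe
#   FirewallRules: [TCP Query User{GUID}c:\path\program.exe] => (Block) c:\path\program.exe
#   FirewallRules: [{GUID}] => (Allow) LPort=1900
RULE_RE = re.compile(
    r"^FirewallRules:\s+\[(?P<name>[^\]]+)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+(?P<target>.+?)\s*$"
)

# Folders a standard (non-admin) user can write to (assumed list, my choice).
# An Allow rule for a binary living here deserves a second look: adware and
# droppers commonly run from these paths, and the rule outlives the file.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(appdata|desktop|downloads|documents)\\",
    re.IGNORECASE,
)

# "ip hostname" lines from the "Hosts content:" section (IPv4 only).
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")

# Constructed sample: a handful of lines copied from the Addition.txt above.
SAMPLE_ADDITION_LINES = [
    r"FirewallRules: [{39215BE7-1A73-4AFD-BD41-9C0E6D3313F6}] => (Allow) C:\Program Files\Steam\Steam.exe",
    r"FirewallRules: [TCP Query User{3B2BD095-23C1-4616-A0C9-14500E57534A}C:\users\nicholas\desktop\patchblocker.exe] => (Allow) C:\users\nicholas\desktop\patchblocker.exe",
    r"FirewallRules: [UDP Query User{086D34AD-02E0-4E6A-B188-A655D94A41B6}C:\users\nicholas\desktop\patchblocker.exe] => (Allow) C:\users\nicholas\desktop\patchblocker.exe",
    r"FirewallRules: [{D1AA1073-35B1-438C-B88C-028857484EDC}] => (Allow) LPort=2869",
    r"FirewallRules: [TCP Query User{3028657F-11B6-4920-8F7D-B7D66DB9927F}C:\users\nicholas\downloads\pocketmine-mp\bin\php\php.exe] => (Block) C:\users\nicholas\downloads\pocketmine-mp\bin\php\php.exe",
    r"FirewallRules: [TCP Query User{0507D631-93B3-46D0-9104-C26893AC7B94}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe",
    r"127.0.0.1       localhost",
    r"74.208.10.249 gs.apple.com",
]


@dataclass
class FirewallRule:
    name: str                 # text inside the square brackets
    action: str               # "Allow" or "Block"
    target: str               # program path, or "LPort=NNNN" for port rules
    lport: Optional[int] = None

    @property
    def path(self) -> Optional[str]:
        """Program path for program rules; None for port-only rules."""
        return None if self.lport is not None else self.target


def parse_firewall_rule(line: str) -> Optional[FirewallRule]:
    """Parse one FirewallRules line; return None for any other kind of line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target")
    lport = None
    if target.upper().startswith("LPORT="):
        lport = int(target.split("=", 1)[1])
    return FirewallRule(m.group("name"), m.group("action"), target, lport)


def flag_allow_rules_in_user_paths(lines) -> List[str]:
    """Distinct program paths (in log order) that have an Allow rule and live in
    a user-writable folder. Block rules and port-only rules are ignored."""
    flagged: List[str] = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if rule is None or rule.action != "Allow" or rule.path is None:
            continue
        if USER_WRITABLE_RE.match(rule.path) and rule.path.lower() not in (
            p.lower() for p in flagged
        ):
            flagged.append(rule.path)
    return flagged


def non_loopback_hosts_entries(lines) -> List[Tuple[str, str]]:
    """(ip, hostname) pairs that send a name to a routable address. Loopback
    (127.x) and the 0.0.0.0 sinkhole convention used by ad-blocking hosts files
    are expected; anything else redirects traffic and should be explainable."""
    out: List[Tuple[str, str]] = []
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if not m:
            continue
        ip, host = m.group("ip"), m.group("host")
        if ip.startswith("127.") or ip == "0.0.0.0":
            continue
        out.append((ip, host))
    return out


def triage_addition_txt(path: str):
    """Run both checks over a saved Addition.txt (encoding handling assumed)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    return flag_allow_rules_in_user_paths(lines), non_loopback_hosts_entries(lines)


if __name__ == "__main__":
    for p in flag_allow_rules_in_user_paths(SAMPLE_ADDITION_LINES):
        print("Allow rule for user-writable path:", p)
    for ip, host in non_loopback_hosts_entries(SAMPLE_ADDITION_LINES):
        print("hosts redirect:", host, "->", ip)
```

A flag from either check is a prompt to verify, not a verdict: a torrent client in AppData or a hosts redirect added by a vendor tool can be legitimate, but each should have a known owner before it is left in place.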



#4 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 09 September 2016 - 05:22 AM

That’s not looking too bad but you will need to re-install Chrome. First, run this “fix”.

Run Farbar Recovery Scan Tool

Open notepad (Start >All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.

HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {1e2f59f8-bfc8-11e5-9f93-002219e84549} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962101-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962102-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 FXNADB; C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [X]
S3 TVicHW32; \??\C:\Windows\system32\DRIVERS\TVicHW32.SYS [X]
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
FirewallRules: [{15FD549A-F1AA-4992-BEAF-70B32D1A405A}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{920A9591-79AE-4B40-93A7-5BFD3ADC84FD}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{0507D631-93B3-46D0-9104-C26893AC7B94}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E9C2F140-703A-4C9B-8AB0-E147EC07783C}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
EmptyTemp:

NOTE: this script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Uninstall Chrome

CHR dev: Chrome dev build detected! <======= ATTENTION

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things, this allows malware to install any extension it wants. Chrome needs to be uninstalled so we can deal with the infections present on your computer. After your computer is clean, Chrome can be reinstalled.

First save all your bookmarks/favourites.

  • open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager
  • click on Organise and then select Export Bookmarks to HTML file, then choose Desktop to save it
  • again, click on the three bars in the top right hand corner and select Settings
  • in the list of Settings under “Sign in” click on Disconnect your Google Account – (if “Disconnect your Google Account” is not there, you will have to sign in using your Chrome username and password first to make it visible)
  • in the text of the next window click on “Google Dashboard” then, at the “Chrome sync” screen, click on Stop and Clear at the bottom
  • a box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step)
  • when confirmation appears close that page and then click on Disconnect account
  • shut Google Chrome, then uninstall it from Control panel > programs and features.

Reboot the system and then reinstall Google Chrome from here

Repeat the process to reinstate your bookmarks by going to Bookmarks > Bookmarks Manager > Organise and select Import Bookmarks.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7, 8 and 10 right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
    
  • close any open programs
  • click the Run script button, and wait. It takes a few minutes to run
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

Fixlog.txt
zoek-results.log

Can you tell me how things are now and if any problems remain?

Thanks

Satchfan



My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 Dell95

Dell95
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:07 PM

Posted 09 September 2016 - 05:38 AM

Thanks for your help so far! Just quickly: I don't use Chrome at all, so does it matter if I leave it uninstalled? I believe I don't have any bookmarks or accounts attached to it. Thanks

#6 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 09 September 2016 - 05:43 AM

I don't use Chrome at all so does it matter if I leave it un-installed

I'm glad to hear you don't use it (something I've been advising people for years). Please DO leave it uninstalled.




#7 Dell95

Dell95
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:07 PM

Posted 09 September 2016 - 05:53 AM

Having another look now, it seems it's no longer installed on my computer anyway. Still a few files/folders left behind from it, though, by the looks of it.

Can't find it by searching or in the control panel.

EDIT: Also still receiving the same Avast notice upon booting Firefox.


Edited by Dell95, 09 September 2016 - 05:55 AM.


#8 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 09 September 2016 - 05:56 AM

Have you run the "fix" and Zoek? If so, please post the logs.

Thanks




#9 Dell95

Dell95
  • Topic Starter

  • Members
  • 8 posts
  • Local time:01:07 PM

Posted 09 September 2016 - 06:35 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 31-08-2016
Ran by Nicholas (09-09-2016 20:30:32) Run:1
Running from C:\Users\Nicholas\Desktop\Dumps
Loaded Profiles: Nicholas (Available Profiles: Nicholas)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {1e2f59f8-bfc8-11e5-9f93-002219e84549} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962101-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\...\MountPoints2: {e2962102-5b7f-11e2-9ed1-002219e84549} - E:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 FXNADB; C:\Program Files\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [X]
S3 TVicHW32; \??\C:\Windows\system32\DRIVERS\TVicHW32.SYS [X]
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
FirewallRules: [{15FD549A-F1AA-4992-BEAF-70B32D1A405A}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{920A9591-79AE-4B40-93A7-5BFD3ADC84FD}] => (Allow) C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [TCP Query User{0507D631-93B3-46D0-9104-C26893AC7B94}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E9C2F140-703A-4C9B-8AB0-E147EC07783C}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe
EmptyTemp:
*****************

"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2f59f8-bfc8-11e5-9f93-002219e84549}" => key removed successfully.
HKCR\CLSID\{1e2f59f8-bfc8-11e5-9f93-002219e84549} => key not found.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2962101-5b7f-11e2-9ed1-002219e84549}" => key removed successfully.
HKCR\CLSID\{e2962101-5b7f-11e2-9ed1-002219e84549} => key not found.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2962102-5b7f-11e2-9ed1-002219e84549}" => key removed successfully.
HKCR\CLSID\{e2962102-5b7f-11e2-9ed1-002219e84549} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
FXNADB => service removed successfully.
TVicHW32 => service removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-3516276756-2783399779-2035192171-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15FD549A-F1AA-4992-BEAF-70B32D1A405A} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{920A9591-79AE-4B40-93A7-5BFD3ADC84FD} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0507D631-93B3-46D0-9104-C26893AC7B94}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E9C2F140-703A-4C9B-8AB0-E147EC07783C}C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe => value removed successfully.
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" => not found.
"C:\users\nicholas\appdata\roaming\utorrent\utorrent.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71372117 B
Java, Flash, Steam htmlcache => 44829455 B
Windows/system/drivers => 131122936 B
Edge => 0 B
Chrome => 0 B
Firefox => 383924018 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 80611 B
LocalService => 66228 B
NetworkService => 137866 B
Nicholas => 267165000 B

RecycleBin => 1115306084 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:31:16 ====
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Nicholas on Fri 09/09/2016 at 20:59:09.46.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nicholas\Desktop\Dumps\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/09/2016 8:59:57 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Users\Nicholas\AppData\Local\BeamNG deleted successfully
C:\Users\Nicholas\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Nicholas\AppData\Local\EmieSiteList deleted successfully
C:\Users\Nicholas\AppData\Local\EmieUserList deleted successfully
C:\Users\Nicholas\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- Lines extensions.UZAazWUnmNlzrwlO removed from prefs.js ----
user_pref("extensions.UZAazWUnmNlzrwlO.epoch", "1");
user_pref("extensions.UZAazWUnmNlzrwlO.scode", "void(0);");
user_pref("extensions.UZAazWUnmNlzrwlO.url", "http://filesspot.co.il/sync/?q=C6qUojwGrTCHpjr4pja8pjw7rjsHrTr5tMZPhd9FqdUFqTw8rHs6qTY5pdgEpjw5qShGheDUo
---- Lines extensions.WaF6TjCDNk8eqrhV removed from prefs.js ----
user_pref("extensions.WaF6TjCDNk8eqrhV.epoch", "1");
user_pref("extensions.WaF6TjCDNk8eqrhV.scode", "void(0);");
user_pref("extensions.WaF6TjCDNk8eqrhV.url", "http://unitially.info/sync/?q=C6qUojwGrTCHpjr4pja8pjw7rjsHrTr5tMZPhd9FqdUFqTw8rHs6qTY5pdgEpjw5qShGheDUoj
---- FireFox user.js and prefs.js backups ----

prefs_20160909_0926_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Screen Resolution Tester deleted
C:\Users\Nicholas\.android deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Nicholas\AppData\Local\Unity deleted
C:\Users\Nicholas\AppData\LocalLow\Unity deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted
NCH Software\DebutReminder deleted
NCH Software\ExpressZipDowngrade deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767
user_pref("browser.startup.homepage", "about:home");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [12/07/2016 12:07 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767
- English Australian Dictionary - %ProfilePath%\extensions\en-AU@dictionaries.addons.mozilla.org
- British English Dictionary Updated - %ProfilePath%\extensions\en-gb@flyingtophat.co.uk
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Nicholas\AppData\Roaming\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767
2F7480A40151EB2E483CF6524EDBA3F7    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.2
65CE2E25E04D7C750BF8B30B2D34DCD7    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.2
629F9B5B99B80679520623655E31B5D1    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.2
CF758AC229C1F082F179B3F7D14EF78B    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.2
29F9D1A7D3D63FD2D10CE06901475888    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.2
6E9CE4DC2EAA92855480C9281D3AFFF5    - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll -    QuickTime Plug-in 7.7.2
D8EBF6A12964A58C10914DA54E175538    - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll -    QuickTime Plug-in 7.7.2
6F4F3E329FCD6CD3FE5D899C902F5611    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
89AC2634B447B7917CC8CF99127CF50D    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
3EE8AE0ECFE5D79DE1737A855AD1E84C    - C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll -    Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67    - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -    Windows Presentation Foundation / Windows Presentation Foundation
0D80C49D9A4A3E096296C67BD015F614    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Photo Gallery
A3257C59695BD691B433DFF4B3E36C86    - c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll -    Silverlight Plug-In
FE5E10A1775D5B0EE862DBF3BC1283D3    - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll -    Java™ Platform SE 8 U60
41E59AEE190362FD0D6EF71DE5DCE427    - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.600.27
5B92CB0A3EEE50F6B9AE036B4F9B0F0C    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
B5371D2C9017EEE216B5361D600B3543    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
AE7B288233C212C62CD544BF768C45E6    - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll -    Shockwave for Director / Shockwave for Director
57C7E359ED8D049132EED23EFA444C63    - C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll -    Shockwave Flash
8F6EE628FBF69610DC90FF5DDA585C94    - C:\Program Files\iSecurityPlusPlayer\npseev.dll -    Seedonk Inc SeeV
274C5170DF9AFE81421F0728BF301682    - c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/07/2015 12:35 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Users\Nicholas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Nicholas\AppData\Local\Mozilla\Firefox\Profiles\gas6tak8.default-1428814273767\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=36 folders=30 33657988 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nicholas\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Nicholas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 09/09/2016 at 21:33:14.02 ======================
Still getting the same message. :(


Edited by Dell95, 09 September 2016 - 06:38 AM.
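The Zoek "FireFox Fix" section in the log above shows what the hijack actually left behind: prefs.js entries under a random-looking extensions.<id> namespace carrying a remote url and an scode (script) value, which Avast kept flagging on every Firefox start. The following script is an added example, not from the thread or from Zoek, that parses a prefs.js and flags that pattern; the sample prefs text and the hijack-example.invalid domain are constructed for the demonstration.

```python
import re
from collections import defaultdict

# One Firefox preference line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Extension-scoped preferences: extensions.<id>.<key>
EXT_RE = re.compile(r'^extensions\.([^.]+)\.(.+)$')

# Constructed sample modelled on the Zoek output in the thread; the hijack
# domain is a placeholder, not a real indicator.
SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.page", 0);
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.adblockplus.currentVersion", "2.7.3");
user_pref("extensions.enabledAddons", "en-AU%40dictionaries.addons.mozilla.org:2.1");
user_pref("extensions.UZAazWUnmNlzrwlO.epoch", "1");
user_pref("extensions.UZAazWUnmNlzrwlO.scode", "void(0);");
user_pref("extensions.UZAazWUnmNlzrwlO.url", "http://hijack-example.invalid/sync/?q=CONSTRUCTED");
user_pref("extensions.WaF6TjCDNk8eqrhV.url", "http://hijack-example.invalid/sync/?q=CONSTRUCTED");
"""


def parse_prefs(text):
    """Map every user_pref() name to its raw (still quoted) value string."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def looks_random(ext_id):
    """Heuristic for generated ids: 12+ alphanumerics in mixed case, with none of
    the '@', '.', '-' or '{' characters that legitimate add-on ids carry."""
    if not re.fullmatch(r"[A-Za-z0-9]{12,}", ext_id):
        return False
    return ext_id != ext_id.lower() and ext_id != ext_id.upper()


def find_suspicious_extension_prefs(prefs):
    """Group extensions.<id>.* prefs and flag ids whose namespace carries a
    remote 'url' or an 'scode' (injected script) value; a random-looking id
    is recorded as supporting evidence only, never as the sole reason."""
    by_id = defaultdict(dict)
    for name, value in prefs.items():
        m = EXT_RE.match(name)
        if m:
            by_id[m.group(1)][m.group(2)] = value
    findings = []
    for ext_id, keys in by_id.items():
        reasons = []
        url = keys.get("url", "").strip('"')
        if re.match(r"https?://", url):
            reasons.append("remote url: " + url)
        if "scode" in keys:
            reasons.append("scode present: " + keys["scode"])
        if not reasons:
            continue
        if looks_random(ext_id):
            reasons.append("random-looking id")
        findings.append((ext_id, reasons))
    return sorted(findings)


def scan_prefs_file(path):
    """Run the same check against a real prefs.js taken from a profile folder."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_suspicious_extension_prefs(parse_prefs(f.read()))


if __name__ == "__main__":
    for ext_id, reasons in find_suspicious_extension_prefs(parse_prefs(SAMPLE_PREFS)):
        print(ext_id, "->", "; ".join(reasons))
```

Pointing scan_prefs_file at the prefs.js inside the profile path shown in the log (Roaming\Mozilla\Firefox\Profiles\...) gives the same findings against the live file, while the tool's prefs_*.backup copy preserves the evidence.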


#10 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 09 September 2016 - 07:23 AM

Reset Firefox

Let’s try resetting Firefox to its default settings which will remove everything from Firefox.

If you need to keep your bookmarks, follow the instructions here.

  • at the top of the Firefox window, click on the Help menu and select Troubleshooting Information
  • click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • on the right, click Reset Firefox
  • Firefox will close and be reset
  • when it's finished, click Finish and Firefox will open
  • restart the computer and check again.

 




#11 Dell95

Dell95
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 09 September 2016 - 07:42 AM

I couldn't find a "Reset" but instead found a "Refresh". I haven't had any messages pop up since doing so to Firefox, but I'm not that confident, to be honest.



#12 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 09 September 2016 - 09:33 AM

There was nothing bad in your logs, so to put your mind at rest and to make sure it's clean, I think the best thing is to uninstall and reinstall Firefox; this will clear out all user data, plugins etc., so you are starting with a fresh install of Firefox.

You can backup your bookmarks if you need to but you will need to install any addins again.

Also note down any passwords etc.

Download a new copy of Firefox from here and save it to your desktop.

How to backup your bookmarks

  • open Firefox.
  • click the “Bookmarks” menu
  • click Show All Bookmarks
  • in the “Library” window, click the Import and Backup button and then select Backup
  • in the “Bookmarks backup filename” window that opens, choose a location to save the file, which is named Bookmarks-"date".json by default
  • once the backup has run, close all windows and check location for backup file.

Remove Firefox

  • click on Start, Run
  • in the open text entry box, please copy/paste appwiz.cpl, then click Enter.
  • press the Remove or Change/Remove...button to uninstall Firefox.

Delete folders in red

C:\Program Files\Mozilla Firefox
C:\Users\Nicholas\AppData\Roaming\mozilla
C:\Program Files\iTunes\Mozilla Plugins

Reboot


Install the new copy of Firefox that you saved to the desktop.

Restore Bookmarks

  • open Firefox
  • click the “Bookmarks” menu
  • click Show All Bookmarks
  • in the “Library” window, click the “Import and Backup” button and then select Restore
  • in the “Bookmarks backup filename” window that opens, choose the location you saved the backup file to

When the restore has taken place, close all windows.

Open Firefox again and let me know if all is still OK.

Satchfan

 




#13 Dell95

Dell95
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:07 PM

Posted 09 September 2016 - 10:17 AM

Hi Satchfan,

 

I've done the following and nothing has come up as of yet; I will see how it goes over the next few days.

Should I be confident that Firefox is no longer infected?

 

Thank you so much for your help so far!



#14 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 09 September 2016 - 10:23 AM

Thank you so much for your help so far!

You're welcome
 

 

Should I be confident that Firefox is no longer infected?

 

I would say so as it was Firefox that was being flagged.

 

I'll leave this open for the next couple of days and if you say all is still well then I'll send instructions to tidy up.

 

Satchfan




#15 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:03:07 AM

Posted 12 September 2016 - 10:50 AM

Hello Dell95

 

Can you tell me how things are? If all's well I'll send instructions to tidy up.

 

If I don't hear from you within 24 hours I'll assume all is OK and close the topic.

 

Satchfan

