
Malware using excess bandwidth


1 reply to this topic

#1 woodardinar

Posted 15 September 2016 - 10:22 AM

My boss's personal computer was using 3+ gigs a day. I ran AdwCleaner, MBAM, Spybot and then FRST. I ran these cleaners according to a thread concerning an XP OS, but would greatly appreciate some help with the FRST fix. Here are the logs FRST created (FRST.txt and Addition.txt):


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by a (administrator) on A-PC (13-09-2016 10:54:18)
Running from C:\Users\a\Downloads
Loaded Profiles: a (Available Profiles: a)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxdccoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [mwlDaemon] => xC:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\Run: [googletalk] => C:\Users\a\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\Run: [Google Update] => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\Run: [Facebook Update] => "C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-07-27]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{71863E6C-6283-4595-B616-7D83F14A6786}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\6eq615ai.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3937493476-1769225534-2793801471-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\a\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-3937493476-1769225534-2793801471-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\a\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3937493476-1769225534-2793801471-1001: @talk.google.com/O1DPlugin -> C:\Users\a\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3937493476-1769225534-2793801471-1001: @tools.google.com/Google Update;version=3 -> C:\Users\a\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3937493476-1769225534-2793801471-1001: @tools.google.com/Google Update;version=9 -> C:\Users\a\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\a\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\a\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\6eq615ai.default\searchplugins\google-default.xml [2015-07-30]
FF Extension: (Firefox Hotfix) - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\6eq615ai.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]

Chrome:
=======
CHR Profile: C:\Users\a\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 lxdcCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [34224 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-05-25] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-05-25] ( )
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-16] (NTI, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-13] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 10:54 - 2016-09-13 10:54 - 00012809 _____ C:\Users\a\Downloads\FRST.txt
2016-09-13 10:52 - 2016-09-13 10:54 - 00000000 ____D C:\FRST
2016-09-13 10:51 - 2016-09-13 10:51 - 02398720 _____ (Farbar) C:\Users\a\Downloads\FRST64.exe
2016-09-13 10:44 - 2016-09-13 10:44 - 00004994 _____ C:\Users\a\Desktop\JRT.txt
2016-09-13 10:40 - 2016-09-13 10:41 - 01610560 _____ (Malwarebytes) C:\Users\a\Downloads\JRT.exe
2016-09-13 10:26 - 2016-09-13 10:34 - 00000000 ____D C:\AdwCleaner
2016-09-13 10:26 - 2016-09-13 10:26 - 03826240 _____ C:\Users\a\Downloads\adwcleaner_6.010.exe
2016-09-13 10:08 - 2016-09-13 10:48 - 00000000 ____D C:\Users\a\Documents\Malware logs
2016-09-12 14:58 - 2016-09-12 14:58 - 00000000 ____D C:\Users\a\Desktop\Sony 091216
2016-09-05 16:00 - 2016-09-05 17:58 - 00000000 ____D C:\Users\a\Documents\Herbal Cures- Cassandra Whitaker‎
2016-08-27 10:06 - 2016-08-29 16:59 - 00000000 ____D C:\Users\a\Documents\2016  FIRE WOOD for sale
2016-08-25 15:39 - 2016-08-27 08:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-16 16:03 - 2016-07-08 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-16 16:03 - 2016-07-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-13 10:44 - 2009-07-13 23:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-13 10:44 - 2009-07-13 23:45 - 00017600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-13 10:40 - 2012-12-18 16:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-13 10:35 - 2011-07-17 19:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 10:35 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-13 10:32 - 2011-07-17 19:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 09:43 - 2016-06-06 08:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-13 09:35 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-13 09:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-13 09:29 - 2012-06-04 20:19 - 00000912 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001UA.job
2016-09-12 21:29 - 2012-06-04 20:19 - 00000890 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core.job
2016-09-12 15:32 - 2011-08-05 15:12 - 00000840 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core.job
2016-09-09 08:27 - 2014-02-15 22:11 - 00007604 _____ C:\Users\a\AppData\Local\Resmon.ResmonCfg
2016-09-08 07:16 - 2011-07-16 02:10 - 00000000 ____D C:\Users\a
2016-09-06 09:03 - 2015-12-31 20:24 - 00164352 ____H C:\Users\a\Documents\~WRL3791.tmp
2016-09-06 09:00 - 2015-12-31 20:24 - 00164864 ____H C:\Users\a\Documents\~WRL2431.tmp
2016-09-06 07:52 - 2015-12-31 20:24 - 00164864 ____H C:\Users\a\Documents\~WRL3828.tmp
2016-09-05 20:30 - 2012-07-04 11:23 - 00000000 ____D C:\Users\a\Documents\BANK INFO
2016-08-27 21:25 - 2016-01-07 09:47 - 00000000 ____D C:\Users\a\Documents\Herbs usages1-7-16
2016-08-27 08:21 - 2012-04-27 21:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2011-08-07 15:28 - 2012-06-05 07:41 - 0005120 _____ () C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-15 22:11 - 2016-09-09 08:27 - 0007604 _____ () C:\Users\a\AppData\Local\Resmon.ResmonCfg
2016-07-21 08:34 - 2016-07-21 08:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-02 17:14 - 2014-10-11 08:55 - 0001878 _____ () C:\ProgramData\qcadrc

Some files in TEMP:
====================
C:\Users\a\AppData\Local\Temp\libeay32.dll
C:\Users\a\AppData\Local\Temp\msvcr120.dll
C:\Users\a\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-01 20:10

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by a (13-09-2016 10:55:24)
Running from C:\Users\a\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-16 07:10:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

a (S-1-5-21-3937493476-1769225534-2793801471-1001 - Administrator - Enabled) => C:\Users\a
Administrator (S-1-5-21-3937493476-1769225534-2793801471-500 - Administrator - Disabled)
Guest (S-1-5-21-3937493476-1769225534-2793801471-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3937493476-1769225534-2793801471-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Capture 7.5 (HKLM-x32\...\FastStone Capture) (Version: 7.5 - FastStone Soft)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk (remove only) (HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IPCMonitor_en version 1.0.1.4 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.4 - IPCMonitor, Inc.)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.01.0000 - Jasc Software Inc)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Lexmark 1300 Series (HKLM\...\Lexmark 1300 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Predator CNC Editor 2005 for BobCAD (HKLM-x32\...\{65F427F7-1326-4B4D-B71F-28A0B7DA3D50}) (Version: 7.00 - Predator Software, Inc.)
Predator Virtual CNC 2007 for BobCAD (HKLM-x32\...\{DA079F3C-A720-4B23-A8C1-DC386695CDE7}) (Version: 7.00 - Predator Software Inc.)
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{B722B235-7C2E-46B0-8DA8-69B01FE5E886}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.21 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3937493476-1769225534-2793801471-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\a\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3937493476-1769225534-2793801471-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\a\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3937493476-1769225534-2793801471-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\a\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A141DE7-D775-402E-866F-5B0679F76FD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {15FEC0F6-E85E-49FC-BE75-78F7FB2199E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001UA => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1C4E28FB-3C45-4F23-9C37-F3DAE4C90754} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {65420E42-1C01-45DD-BD7A-AE4937879FB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {671BDB04-1649-4A74-86C3-B7B28A88CB49} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core => C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {72AAB1BA-57AC-47A9-90EA-C512E75DE724} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {84729390-5154-472F-81D0-BD309C260788} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {CB95F997-D34E-4211-8CEF-A621AB76F750} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EF88BF96-3CBC-42B9-99EB-FA164B74646B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {FD77B524-698E-4A0D-81B8-3ED423F62A46} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001UA => C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core.job => C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001UA.job => C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core.job => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001UA.job => C:\Users\a\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\a\Desktop\autorun - Shortcut.lnk -> C:\learnqcadv2 (D)\autorun.bat ()
Shortcut: C:\Users\a\AppData\Local\Microsoft\Windows\GameExplorer\{d328d732-db03-4125-9313-bd93d1b7de67}\SupportTasks\0\More Games.lnk -> hxxp://acer.wildgames.com/?dp=acerlt&mc=gameexplorer_support
Shortcut: C:\Users\a\AppData\Local\Microsoft\Windows\GameExplorer\{747e6689-26ae-405c-85e2-b290d03363a2}\SupportTasks\0\More Games.lnk -> hxxp://acer.wildgames.com/?dp=acerlt&mc=gameexplorer_support
Shortcut: C:\Users\a\AppData\Local\Microsoft\Windows\GameExplorer\{6e00e027-cee6-4bd3-8d34-12e549b1179e}\SupportTasks\0\More Games.lnk -> hxxp://acer.wildgames.com/?dp=acerlt&mc=gameexplorer_support
Shortcut: C:\Users\a\AppData\Local\Microsoft\Windows\GameExplorer\{65333b4c-bd03-4542-a90b-9b5b9dab8357}\SupportTasks\0\More Games.lnk -> hxxp://acer.wildgames.com/?dp=acerlt&mc=gameexplorer_support

ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001

==================== Loaded Modules (Whitelisted) ==============

2011-07-18 07:58 - 2007-01-18 06:23 - 00125952 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdcdrpp.dll
2010-06-28 17:20 - 2010-06-28 17:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 17:12 - 2010-06-28 17:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2012-12-27 06:34 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2012-12-27 06:34 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2012-12-27 06:34 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-12-27 06:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2012-12-27 06:34 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3937493476-1769225534-2793801471-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\a\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38E872C0-8EFE-4A67-9C6C-0022D708666F}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{A5013262-15D7-4934-9246-2727003EB7D6}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{EFCD7449-013C-492D-A4C5-6D2879C230D2}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{256D3D30-4AE8-4AAC-8817-8940E0CA0824}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{AF469874-FD3D-4C3B-BE6C-BD45DCE3B28C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{2C1459B9-50E8-4F0E-A705-DDC097B44684}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{052FEBC3-EBF1-44D3-B8F5-7B4439C6CBA6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{762E9785-D4FF-49ED-A347-10944CBC3B77}] => (Allow) svchost.exe
FirewallRules: [{079F1146-14F8-4A27-B15B-B987CB8B6504}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A49A5C34-CE12-4984-A318-436FD7EECB25}] => (Allow) C:\Windows\SysWOW64\lxdccoms.exe
FirewallRules: [{7CB20179-E0BF-49AB-8094-C3A953916F04}] => (Allow) C:\Windows\SysWOW64\lxdccoms.exe
FirewallRules: [{F4662155-8638-49E5-9632-F7C71A2CE78C}] => (Allow) C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
FirewallRules: [{95E76F6B-3D53-4CEB-A04E-714BD0100332}] => (Allow) C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
FirewallRules: [{38689204-2499-4148-80F3-D0E80DD1098D}] => (Allow) C:\Program Files (x86)\Lexmark 1300 Series\App4R.exe
FirewallRules: [{E6ED3DD1-CFE0-4B58-B23E-A0102A9A51C7}] => (Allow) C:\Program Files (x86)\Lexmark 1300 Series\App4R.exe
FirewallRules: [{B6B70CAE-2BEF-4D6B-8AEB-35B57621F9B3}] => (Allow) C:\Windows\System32\lxdccoms.exe
FirewallRules: [{973400E0-FFE7-4386-BA72-4929DA73E828}] => (Allow) C:\Windows\System32\lxdccoms.exe
FirewallRules: [{B482C0FF-E4A2-4E39-866F-B9A0C48EFA8C}] => (Allow) LPort=135
FirewallRules: [{4D7987ED-7619-4CCA-845A-1D4DC31B3767}] => (Allow) LPort=5000
FirewallRules: [{BCE02C4E-450B-4922-B62A-217610505F68}] => (Allow) LPort=5001
FirewallRules: [{94A5659A-805F-4E43-8661-07DFB9F855DD}] => (Allow) LPort=5002
FirewallRules: [{48751ACD-467D-450B-A665-47B3458C1AF6}] => (Allow) LPort=5003
FirewallRules: [{C8EAEFDB-CE0E-4605-A650-6F14EC41BC69}] => (Allow) LPort=5004
FirewallRules: [{5EF4219C-852F-4192-94BE-567C640C7207}] => (Allow) LPort=5005
FirewallRules: [{EA1325DD-BAF8-4A37-9946-29C8713B4C66}] => (Allow) LPort=5006
FirewallRules: [{736741CC-F52B-48F1-B10C-34136BDF557B}] => (Allow) LPort=5007
FirewallRules: [{B3AE154B-08D2-4C97-B1EC-3107F3480DD2}] => (Allow) LPort=5008
FirewallRules: [{B294C43F-DE37-4414-AF40-8A345D273D52}] => (Allow) LPort=5009
FirewallRules: [{2725D355-B3C6-4AB0-9004-F69CB7113987}] => (Allow) LPort=5010
FirewallRules: [{4F142019-87D2-4B93-8C1F-37834A7FCE14}] => (Allow) LPort=5011
FirewallRules: [{B3F10707-7612-4BF7-9EBA-850E02E19178}] => (Allow) LPort=5012
FirewallRules: [{9CF7A59D-A9FF-46C9-AE29-1D986CF11665}] => (Allow) LPort=5013
FirewallRules: [{E51771A7-EAE6-48C2-892E-2A35F96378F6}] => (Allow) LPort=5014
FirewallRules: [{4A5CE0ED-374A-4114-A68A-AA3AA7C79386}] => (Allow) LPort=5015
FirewallRules: [{78397A8B-95FA-4686-81ED-356215291937}] => (Allow) LPort=5016
FirewallRules: [{362257FE-03DD-43BC-810E-FC88508C3A90}] => (Allow) LPort=5017
FirewallRules: [{7563E6CF-4A1D-4859-BCAA-1F7476B13DEC}] => (Allow) LPort=5018
FirewallRules: [{32DF53C8-C3E5-4526-B005-01F67F7F7B31}] => (Allow) LPort=5019
FirewallRules: [{F86F9DA6-0624-4D6C-9F90-8BC50E588014}] => (Allow) LPort=5020
FirewallRules: [{B978C0A5-22E8-41E4-AE21-B45A6547B7F1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcpswx.exe
FirewallRules: [{4260712F-B439-4028-9C34-75236475BE3F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcpswx.exe
FirewallRules: [{4B7548E1-216C-435E-90FA-E84F7E69F511}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcjswx.exe
FirewallRules: [{B725124B-4B79-4C95-9C55-8A61A842E4B8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcjswx.exe
FirewallRules: [{82E0916D-8B71-4011-9FC9-69C3C3537F55}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdctime.exe
FirewallRules: [{803486AC-64CD-41BD-AB1C-75DF2C65D45D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdctime.exe
FirewallRules: [{8466599A-C760-4E87-BDCA-ADEE5C0661B6}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{A4FE8676-D32F-44A3-9188-C52F9049D77D}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{00BAB315-9538-42E5-A85E-3DE221C5FC5F}] => (Allow) C:\Users\a\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{C85AFFD0-2CEA-4774-B1C9-3852ECB939CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2403EED0-05FE-4C4C-A8E6-E092941E42C1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E12357A-ED07-42DA-8237-E200AE72E037}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{07995FB0-1CA8-4094-8D46-780C3C7C0258}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AEFE1B8-18C4-457E-95BB-8248B0A98E34}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcpswx.exe
FirewallRules: [{26BF30E5-3D21-4539-A5C9-EA087161EED3}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcpswx.exe
FirewallRules: [{5719D125-9AB4-468A-AC44-20C4F02D3CEB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcjswx.exe
FirewallRules: [{D1CF5EA9-88D8-4FA1-BFCD-966DB30EAE95}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdcjswx.exe
FirewallRules: [{07DE5E56-17B0-4EF4-A3FA-1870FCF2D358}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdctime.exe
FirewallRules: [{8D8FF9E4-8A2C-403E-AB1A-EB9979B1A8E2}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdctime.exe
FirewallRules: [{2061AD4C-3225-40DD-ABB9-48721E9DA46E}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{90B0B054-BC4E-4787-9645-4F9F875755FF}] => (Allow) LPort=5357
FirewallRules: [{4EC3FDD3-5B83-4F02-930B-48DB484CCC5B}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EFBFA49B-FA4D-415A-919E-BB8676696F15}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

02-08-2016 21:43:54 Windows Update
06-08-2016 21:53:09 Windows Update
12-08-2016 21:39:54 Windows Update
14-08-2016 16:12:55 Windows Update
16-08-2016 21:58:31 Windows Update
23-08-2016 21:16:54 Windows Update
26-08-2016 21:20:01 Windows Update
30-08-2016 21:19:23 Windows Update
02-09-2016 22:18:45 Windows Update
07-09-2016 20:41:23 Windows Update
13-09-2016 10:41:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2016 07:38:57 AM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (09/09/2016 09:29:05 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (09/09/2016 06:37:39 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (08/15/2016 06:30:42 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (08/06/2016 09:30:41 AM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (07/31/2016 09:30:43 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (07/31/2016 06:29:05 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (07/31/2016 03:40:09 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (07/30/2016 09:29:06 PM) (Source: Google Update) (EventID: 20) (User: a-PC)
Description: Event-ID 20

Error: (07/17/2016 06:26:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18345, time stamp: 0x573de6e7
Faulting module name: RPCRT4.dll, version: 6.1.7601.23452, time stamp: 0x5734ba1c
Exception code: 0xc0000005
Fault offset: 0x000000000001d3fc
Faulting process id: 0xfb8
Faulting application start time: 0x01d1e01df7d34f60
Faulting application path: C:\Windows\System32\GWX\GWXUX.exe
Faulting module path: C:\Windows\system32\RPCRT4.dll
Report Id: 3fc3c96f-4c11-11e6-ae4d-206a8a206870


System errors:
=============
Error: (09/13/2016 10:35:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdcCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/13/2016 10:35:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdcCATSCustConnectService service to connect.

Error: (09/13/2016 10:34:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/13/2016 10:34:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/13/2016 10:33:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/13/2016 10:33:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/13/2016 10:33:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/13/2016 10:33:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/13/2016 10:33:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/13/2016 10:33:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 2804.5 MB
Available physical RAM: 1512.33 MB
Total Virtual: 5607.18 MB
Available Virtual: 4177.12 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:219.6 GB) (Free:129.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: BB76BB76)
Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by hamluis, 15 September 2016 - 01:20 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.
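A first-pass triage of an FRST Addition.txt like the one above can be scripted. The following is an added example, not code from this thread or from Farbar Recovery Scan Tool: it reads the plain-text sections FRST prints (Custom CLSID, Scheduled Tasks, Other Areas, FirewallRules) and lists the entries a reviewer usually checks by hand first. The USER_WRITABLE path fragments and the high/medium/info labels are this example's own assumptions, not FRST conventions; the sample input is an excerpt of lines from the log posted above.

```python
"""Triage pass over an FRST Addition.txt log (added example, not FRST code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Path fragments a standard user can write to; a persistence entry that
# launches from one of these is worth confirming by hand (assumed list).
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale)
    section: str   # FRST section the line came from
    detail: str


# "Task: {GUID} - System32\Tasks\NAME => PATH [YYYY-MM-DD] (Signer)" and the
# "Task: C:\Windows\Tasks\NAME.job => PATH" lines (the .job form has no date/signer).
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-F-]+\} - System32\\Tasks\\|C:\\Windows\\Tasks\\)"
    r"(?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\))?$", re.IGNORECASE)
# "CustomCLSID: KEY -> DLL (Signer)" or "CustomCLSID: KEY -> DLL => No File"
CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>\S+) -> (?P<target>.+?)"
                      r"(?: => (?P<nofile>No File)| \((?P<signer>[^)]*)\))?$")
# "FirewallRules: [{GUID}] => (Allow) TARGET"; TARGET is a path, a bare name or LPort=NNN
FW_RE = re.compile(r"^FirewallRules: \[\{[0-9A-F-]+\}\] => \((?P<action>\w+)\) (?P<target>.+)$")


def in_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(fragment in lowered for fragment in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    allowed_ports: List[int] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Windows Firewall is disabled.":
            findings.append(Finding("high", "Other Areas",
                "Windows Firewall is disabled; no FirewallRules entry applies until it is turned back on"))
            continue
        m = TASK_RE.match(line)
        if m:
            target = m["target"]
            if in_user_writable(target):
                findings.append(Finding("medium", "Scheduled Tasks",
                    f"{m['name']} launches from a user-writable path: {target}"))
            if m["signer"] is None and not m["name"].lower().endswith(".job"):
                findings.append(Finding("info", "Scheduled Tasks",
                    f"{m['name']}: no file date or signer recorded for {target}; confirm the file exists and is signed"))
            continue
        m = CLSID_RE.match(line)
        if m:
            target = m["target"]
            if m["nofile"]:
                # An HKU InprocServer32 whose DLL is absent: whatever is later dropped
                # at that path loads when the CLSID is instantiated (COM hijack surface).
                findings.append(Finding("medium", "Custom CLSID",
                    f"orphaned in-process server {target}: DLL missing, path would be loaded if a file appears there"))
            elif in_user_writable(target):
                findings.append(Finding("info", "Custom CLSID",
                    f"per-user COM server under a user-writable path: {target} ({m['signer'] or 'no signer'})"))
            continue
        m = FW_RE.match(line)
        if m and m["action"].lower() == "allow":
            target = m["target"]
            if target.startswith("LPort="):
                allowed_ports.append(int(target.split("=", 1)[1]))
            elif "\\" not in target:
                findings.append(Finding("medium", "FirewallRules",
                    f"allow rule names a bare executable '{target}' with no path; identify the rule in wf.msc"))
            elif in_user_writable(target):
                findings.append(Finding("info", "FirewallRules",
                    f"allow rule for a program under a user-writable path: {target}"))
    if allowed_ports:
        findings.append(Finding("info", "FirewallRules", "allow rules keyed on local port: "
                                + ", ".join(str(p) for p in sorted(set(allowed_ports)))))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium", "info")}


# Excerpt of lines from the posted log, used as offline sample input.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-3937493476-1769225534-2793801471-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\a\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3937493476-1769225534-2793801471-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\a\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
Task: {0A141DE7-D775-402E-866F-5B0679F76FD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {671BDB04-1649-4A74-86C3-B7B28A88CB49} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core => C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3937493476-1769225534-2793801471-1001Core.job => C:\Users\a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Windows Firewall is disabled.
FirewallRules: [{762E9785-D4FF-49ED-A347-10944CBC3B77}] => (Allow) svchost.exe
FirewallRules: [{B482C0FF-E4A2-4E39-866F-B9A0C48EFA8C}] => (Allow) LPort=135
FirewallRules: [{4D7987ED-7619-4CCA-845A-1D4DC31B3767}] => (Allow) LPort=5000
FirewallRules: [{00BAB315-9538-42E5-A85E-3DE221C5FC5F}] => (Allow) C:\Users\a\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{C85AFFD0-2CEA-4774-B1C9-3852ECB939CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Run against the full Addition.txt, the script only narrows the reading list; each flagged entry still has to be checked against the file on disk (Google Update and Facebook Update legitimately live under AppData\Local, so a user-writable path is a prompt to verify, not a verdict). The "Windows Firewall is disabled." line from the Other Areas section is the one finding that needs no further interpretation.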


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:02:29 AM

Posted 15 September 2016 - 05:20 PM

Hi,

Don't see, at a glance, anything that looks like malware.

How are you measuring the bandwidth?

Might also include local (LAN) traffic and elevate the results for the total.

No Netflix streaming or file sharing going on? I see some games on there but don't really know if they're online-type games. Just throwing out a few things. I will get a better look at the logs.

So did AdwCleaner and MBAM come up clean after a scan?

Usually only online once or twice per day, so you may not get a response back from me until the following day.


How Can I Reduce My Risk to Malware?
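One way to separate LAN chatter from Internet traffic on the affected PC, as an added example that is not part of the reply above: parse the output of the Windows `netstat -ano` command and classify every peer address of every process as LAN (private, loopback or link-local) or Internet. The sample netstat text below is constructed for the example, not captured from the poster's machine.

```python
"""Which PIDs have Internet peers, as opposed to LAN peers? (added example)"""
import ipaddress
import platform
import subprocess
from collections import defaultdict
from typing import Dict, List, Optional


def classify_peer(foreign: str) -> Optional[str]:
    """'lan', 'internet', or None for listeners and wildcards ('*:*', 0.0.0.0:0)."""
    host = foreign.rpartition(":")[0]           # also handles "[::1]:5357"
    host = host.strip("[]").split("%", 1)[0]    # drop brackets and an IPv6 zone id
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None                             # "*" or an empty host
    if addr.is_unspecified:
        return None
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "lan"
    return "internet"


def peers_by_pid(netstat_output: str) -> Dict[int, Dict[str, int]]:
    """Count LAN and Internet peers per PID from `netstat -ano` text."""
    counts: Dict[int, Dict[str, int]] = defaultdict(lambda: {"lan": 0, "internet": 0})
    for line in netstat_output.splitlines():
        parts = line.split()
        # TCP rows: Proto Local Foreign State PID; UDP rows have no State column,
        # so take the PID from the end rather than a fixed index.
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        kind = classify_peer(parts[2])
        if kind:
            counts[int(parts[-1])][kind] += 1
    return dict(counts)


def internet_talkers(counts: Dict[int, Dict[str, int]]) -> List[int]:
    """PIDs with at least one non-LAN peer; map them to names with `tasklist`."""
    return sorted(pid for pid, c in counts.items() if c["internet"] > 0)


# Constructed sample in the layout Windows netstat -ano prints; not real capture data.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    192.168.1.23:49712     52.0.14.7:443          ESTABLISHED     2316
  TCP    192.168.1.23:49713     52.0.14.7:443          ESTABLISHED     2316
  TCP    192.168.1.23:49720     192.168.1.20:445       ESTABLISHED     4
  TCP    192.168.1.23:49731     93.184.216.34:80       ESTABLISHED     3344
  TCP    127.0.0.1:5357         127.0.0.1:49800        ESTABLISHED     4
  TCP    [::1]:49801            [::1]:5357             ESTABLISHED     3344
  UDP    0.0.0.0:5355           *:*                                    1020
  UDP    192.168.1.23:137       *:*                                    4
"""

if __name__ == "__main__":
    if platform.system() == "Windows":
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_NETSTAT
    counts = peers_by_pid(text)
    for pid in internet_talkers(counts):
        print(pid, counts[pid])
```

This gives connection counts, not bytes, so it answers "which processes reach the Internet at all" rather than "which one used 3 GB". For per-process send/receive rates on Windows 7, Resource Monitor (resmon.exe, Network tab) shows them live; for the total that actually leaves the house, read the WAN counter on the router rather than a counter on the PC, which is where LAN traffic would otherwise inflate the figure.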




