JS:Includer-BOF [Trj] hijacked my popular sites; redirects Chrome to susp. sites


  • This topic is locked
26 replies to this topic

#1 Disceli


Posted 21 November 2016 - 07:13 PM

Hi,

I can't access certain sites owing to Avast Anti-vir detecting a trojan infection - "JS:Includer-BOF". The browser tabs display blank pages. When I try to reach the sites via Google links, I'm redirected to what I assume are malicious sites, which are impossible to leave, save for closing the tab.

All help is gratefully appreciated. Thanks.

AdwCleaner 6.3.0 detects 3 registry entries, but I have left them in place.


# AdwCleaner v6.030 - Logfile created 21/11/2016 at 20:48:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-21.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dad - DAD-PC
# Running from : C:\Users\Dad\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1267 Bytes] - [21/11/2016 20:48:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1340 Bytes] ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Dad (administrator) on DAD-PC (21-11-2016 21:14:02)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\Zentimo\ZentimoService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\AnVir.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DuckLink Software) C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Subhra Das Gupta) C:\Users\Dad\AppData\Local\XDM\xdm.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(SSC Localization Group) C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [SSC Service Utility] => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [AnVir Task Manager] => C:\Program Files (x86)\AnVir Task Manager\anvir.exe [6071480 2012-02-22] (AnVir Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [9385648 2016-01-04] (DonationCoder)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1946800 2016-10-13] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [XDM] => C:\Users\Dad\AppData\Local\XDM\xdm.exe [741376 2015-11-01] (Subhra Das Gupta)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-08] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\FastStone Capture.lnk [2015-06-13]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-1050699504-4118538850-2090742069-1001] => hxxp://127.0.0.1:9614/proxy.pac
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D84CC179-7300-49EA-AD34-D1E5D606AEE7}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2016-10-13] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-16] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: e50b4zms.default
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default [2016-11-21]
FF Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\Extensions\eagleget_ffext@eagleget.com.xpi [2016-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-08]
FF HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dad\AppData\Local\XDM\xdmff
FF Extension: (XDM Helper) - C:\Users\Dad\AppData\Local\XDM\xdmff [2015-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2016-08-01] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-19] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default [2016-11-21]
CHR Extension: (Google Slides) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-28]
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-28]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08]
CHR Extension: (Cashback Notifier - TopCashback) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekeeeebmbhkkjcaoicinbdjmklipppkj [2016-01-21]
CHR Extension: (Full Page Screen Capture) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-04]
CHR Extension: (Google Sheets) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-28]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Avast Online Security) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-28]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-09-27]
CHR Extension: (Flubit Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfdokopehhkecohfljakjagcgohinnc [2016-05-07]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-10-11]
CHR Extension: (Ghostery) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-10-31]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Print Friendly & PDF) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-04-29]
CHR Extension: (HubSpot Sales) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-11-03]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR Extension: (History Trends Unlimited) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2016-01-25]
CHR HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-16]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-08] (AVAST Software)
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247472 2016-10-13] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-26] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [555844 2011-12-09] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-06-20] (Zemana Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-05-26] (Windows ® Codename Longhorn DDK provider)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-07] (Digiarty Software, Inc.)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77424 2016-10-06] (eagleGet)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 epp64; C:\EEK\bin\epp64.sys [138504 2016-04-16] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-21 21:14 - 2016-11-21 21:15 - 00029527 _____ C:\Users\Dad\Desktop\FRST.txt
2016-11-21 21:13 - 2016-11-21 21:14 - 00000000 ____D C:\FRST
2016-11-21 21:10 - 2016-11-21 21:10 - 02412544 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2016-11-21 20:45 - 2016-11-21 20:48 - 00000000 ____D C:\AdwCleaner
2016-11-21 20:44 - 2016-11-21 20:44 - 03910208 _____ C:\Users\Dad\Downloads\AdwCleaner.exe
2016-11-16 22:36 - 2016-11-20 20:30 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Mozilla
2016-11-16 22:31 - 2016-11-16 22:31 - 00001717 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-16 22:31 - 2016-11-16 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-16 22:30 - 2016-11-16 22:31 - 00000000 ____D C:\Program Files\iTunes
2016-11-16 22:30 - 2016-11-16 22:30 - 00000000 ____D C:\Program Files\iPod
2016-11-15 19:22 - 2016-11-15 19:23 - 17790683 _____ C:\Users\Dad\Downloads\airjet_movie.wmv
2016-11-08 22:54 - 2016-11-08 22:54 - 00076583 _____ C:\Users\Dad\Downloads\facture199641731.PDF
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-21 21:14 - 2014-03-31 20:45 - 00000000 ____D C:\Users\Dad\AppData\Roaming\NetSpeedMonitor
2016-11-21 21:00 - 2015-04-28 23:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-21 20:42 - 2015-02-14 18:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-21 17:52 - 2009-07-14 04:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-21 17:52 - 2009-07-14 04:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 03:12 - 2015-03-27 17:23 - 00000000 ____D C:\Users\Dad\AppData\Roaming\vlc
2016-11-20 23:44 - 2012-09-08 21:44 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C613D74-CEEC-477F-BF08-7A7D5DD8C6CC}
2016-11-20 23:00 - 2015-04-28 23:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-19 23:34 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-19 23:34 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-11-19 23:33 - 2011-02-20 22:02 - 00000000 ____D C:\FILES
2016-11-18 19:51 - 2015-10-03 16:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-17 19:20 - 2011-07-20 13:36 - 00003296 _____ C:\Windows\System32\Tasks\WizMouse
2016-11-17 00:10 - 2012-08-16 22:10 - 00000000 ____D C:\ERRORS
2016-11-16 22:46 - 2014-06-07 05:05 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2016-11-16 22:43 - 2012-01-26 06:15 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize.job
2016-11-16 22:42 - 2011-06-01 18:57 - 00000031 _____ C:\Windows\system32\bbcap.err
2016-11-16 22:42 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-16 22:38 - 2015-04-13 16:51 - 00014490 _____ C:\Windows\CUAppUsage.Dat
2016-11-16 22:36 - 2015-04-21 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-16 22:35 - 2015-02-14 18:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-16 22:35 - 2014-04-16 17:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-16 22:35 - 2014-04-16 17:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-16 22:34 - 2012-01-18 18:58 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-16 22:34 - 2010-04-21 11:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-16 22:30 - 2013-01-06 22:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-15 23:08 - 2015-08-05 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-15 23:08 - 2015-08-05 23:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-15 23:08 - 2015-02-23 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-11 00:03 - 2015-04-28 23:54 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 00:03 - 2015-04-28 23:54 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-07 20:21 - 2015-05-17 01:17 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-04 17:34 - 2015-08-30 18:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-01 17:29 - 2010-12-25 13:50 - 00000000 ____D C:\Users\Dad\AppData\Local\Google
2016-10-30 23:51 - 2012-07-26 02:13 - 00000000 ____D C:\Windows\Minidump
2016-10-30 23:51 - 2010-05-17 19:21 - 00384295 ____N C:\Windows\Minidump\103016-31340-01.dmp
2016-10-28 17:07 - 2015-04-25 16:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-10-23 18:25 - 2015-05-16 21:40 - 00000000 ____D C:\Program Files\Java
2016-10-23 18:25 - 2015-04-16 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-23 18:24 - 2015-05-16 21:40 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-10-23 18:09 - 2015-04-16 16:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-23 17:34 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2011-03-09 03:44 - 2013-09-13 01:23 - 0001342 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2015-01-04 03:07 - 2015-01-04 03:07 - 0211620 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-01-04 03:07 - 2015-01-04 03:07 - 0260404 _____ () C:\Users\Dad\AppData\Local\census.cache
2012-09-30 19:22 - 2012-09-30 19:22 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 01:38 - 2014-01-19 01:38 - 0000058 _____ () C:\Users\Dad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-06-17 05:01 - 2014-06-17 05:01 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2013-02-12 06:17 - 2013-02-12 06:17 - 0005020 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2015-04-29 15:45 - 2015-04-29 15:45 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-12-30 02:13 - 2014-12-30 02:13 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2013-01-06 04:29 - 2013-01-17 04:43 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-04-21 10:41 - 2010-01-27 14:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
 
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\ZAL17E4.exe
C:\Users\Dad\AppData\Local\Temp\ZAL4FC5.exe
C:\Users\Dad\AppData\Local\Temp\ZAL6097.exe
C:\Users\Dad\AppData\Local\Temp\ZAL8B7D.exe
C:\Users\Dad\AppData\Local\Temp\ZALABD9.exe
C:\Users\Dad\AppData\Local\Temp\ZALF97B.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-26 11:01
 
==================== End of FRST.txt ============================
 
Attached file: Addition.txt (38.34KB)
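Added example, not part of the original thread and not code from Farbar or FRST itself: a small Python triage script that reads driver and proxy lines in the format of the FRST.txt above and flags the entries a log helper reads first. The "[File not signed]" annotation and the hxxp:// defanging are reproduced as FRST prints them; it is an assumption here that FRST's trailing "[X]" marks a registered driver whose file is no longer on disk. The sample lines are copied from the log in this thread. A proxy.pac served from 127.0.0.1 is a review item rather than a verdict: a local web filter or download manager can legitimately install one, but whichever process listens on that port decides where browser requests go, and Chrome follows the system (WinINET) proxy settings on Windows.

```python
"""
FRST log triage helper (added example for this thread; not part of FRST).

Flags three kinds of entries from FRST.txt-style lines:
  * driver/service lines FRST annotates "[File not signed]" (unsigned kernel code)
  * driver/service lines ending in "[X]" (assumption: FRST's marker for a
    registered driver whose file is missing from disk)
  * AutoConfigURL / ManualProxies entries whose proxy.pac host is loopback
The sample lines at the bottom are copied from the log in this thread.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# e.g. "S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]"
DRIVER_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
META_RE = re.compile(r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*(?P<tail>.*)$")
# FRST defangs URLs as hxxp://; accept both spellings
PROXY_RE = re.compile(r"^(?P<key>AutoConfigURL|ManualProxies):.*?(?:hxxp|http)s?://(?P<host>[^/:\s]+)")
UNSIGNED = "[File not signed]"


@dataclass
class Driver:
    state: str
    name: str
    path: str
    vendor: Optional[str]  # None when FRST printed an empty "()"
    unsigned: bool
    missing: bool


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def parse_driver_line(line: str) -> Optional[Driver]:
    """Parse one FRST driver/service line; return None for any other line."""
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    state, name, rest = m.group("state"), m.group("name"), m.group("rest")
    if rest.endswith("[X]"):  # assumption: file not found on disk
        return Driver(state, name, rest[:-3].strip(), None, False, True)
    meta = META_RE.search(rest)
    if not meta:
        return None
    path = rest[:meta.start()].strip()
    tail = meta.group("tail").strip()          # "(Vendor) [File not signed]"
    unsigned = tail.endswith(UNSIGNED)
    if unsigned:
        tail = tail[:-len(UNSIGNED)].strip()
    # vendor may itself contain parentheses, so strip only the outer pair
    vendor = tail[1:-1] if tail.startswith("(") and tail.endswith(")") else tail
    return Driver(state, name, path, vendor or None, unsigned, False)


def proxy_host(line: str) -> Optional[str]:
    """Host part of a proxy.pac URL in an AutoConfigURL/ManualProxies line."""
    m = PROXY_RE.match(line.strip())
    return m.group("host") if m else None


def is_loopback_host(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(lines) -> List[Finding]:
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\n")
        drv = parse_driver_line(line)
        if drv is not None:
            if drv.missing:
                findings.append(Finding("driver-missing-file", f"{drv.name}: {drv.path}", line))
            elif drv.unsigned:
                findings.append(Finding("driver-unsigned",
                                        f"{drv.name}: {drv.path} (vendor: {drv.vendor or 'none'})", line))
            continue
        host = proxy_host(line)
        if host is not None and is_loopback_host(host):
            findings.append(Finding("proxy-pac-loopback", f"browser proxy script served from {host}", line))
    return findings


# Lines copied from the FRST.txt posted in this thread.
SAMPLE_LINES = [ln for ln in r"""
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AutoConfigURL: [S-1-5-21-1050699504-4118538850-2090742069-1001] => hxxp://127.0.0.1:9614/proxy.pac
ManualProxies: 0hxxp://127.0.0.1:9614/proxy.pac
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
""".splitlines() if ln.strip()]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:22} {f.detail}")
```

Run against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. For the loopback finding, the next step on the machine itself is `netstat -ano | findstr :9614` to get the PID listening on that port and then match it against the process list FRST printed, so the proxy can be attributed to a known product before anything is removed.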

#2 Disceli (Topic Starter)

Posted 21 November 2016 - 07:45 PM

Apologies for posting this twice. I continually received "ERROR" on a blank page after clicking "Post", so I didn't think it had posted. I'm using another laptop to post this reply.

 

Only this second post appears to have included the attached "Addition.txt".



#3 Disceli (Topic Starter)

Posted 21 November 2016 - 07:51 PM

My god, each attempt to post this appears to have worked.  Sorry for the multiple posts.

 

How do I close the other ones?



#4 HelpBot (Bleepin' Binary Bot)

Posted 26 November 2016 - 07:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632779 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Disceli (Topic Starter)

Posted 26 November 2016 - 08:28 PM

Unfortunately, I don't have the original Win 7 DVD.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Dad (administrator) on DAD-PC (27-11-2016 01:19:03)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\Zentimo\ZentimoService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\AnVir.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(DuckLink Software) C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Subhra Das Gupta) C:\Users\Dad\AppData\Local\XDM\xdm.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(SSC Localization Group) C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NirSoft) C:\PROGRAMS\Chrome Cache View\ChromeCacheView.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [SSC Service Utility] => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [AnVir Task Manager] => C:\Program Files (x86)\AnVir Task Manager\anvir.exe [6071480 2012-02-22] (AnVir Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [9385648 2016-01-04] (DonationCoder)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1946800 2016-10-13] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [XDM] => C:\Users\Dad\AppData\Local\XDM\xdm.exe [741376 2015-11-01] (Subhra Das Gupta)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-08] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\FastStone Capture.lnk [2015-06-13]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-1050699504-4118538850-2090742069-1001] => hxxp://127.0.0.1:9614/proxy.pac
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D84CC179-7300-49EA-AD34-D1E5D606AEE7}: [DhcpNameServer] 192.168.1.254
ManualProxies: 0hxxp://127.0.0.1:9614/proxy.pac
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2016-10-13] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-16] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: e50b4zms.default
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default [2016-11-26]
FF Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\Extensions\eagleget_ffext@eagleget.com.xpi [2016-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-08]
FF HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Dad\AppData\Local\XDM\xdmff
FF Extension: (XDM Helper) - C:\Users\Dad\AppData\Local\XDM\xdmff [2015-05-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2016-08-01] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-19] (Coupons, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default [2016-11-27]
CHR Extension: (Google Slides) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-28]
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-28]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-08]
CHR Extension: (Cashback Notifier - TopCashback) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekeeeebmbhkkjcaoicinbdjmklipppkj [2016-01-21]
CHR Extension: (Full Page Screen Capture) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-04]
CHR Extension: (Google Sheets) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-28]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Avast Online Security) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-28]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-09-27]
CHR Extension: (Flubit Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfdokopehhkecohfljakjagcgohinnc [2016-05-07]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-11-26]
CHR Extension: (Ghostery) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-10-31]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Print Friendly & PDF) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-04-29]
CHR Extension: (HubSpot Sales) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-11-26]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-29]
CHR Extension: (History Trends Unlimited) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2016-01-25]
CHR HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-16]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-08] (AVAST Software)
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247472 2016-10-13] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-26] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [555844 2011-12-09] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-06-20] (Zemana Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-05-26] (Windows ® Codename Longhorn DDK provider)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-07] (Digiarty Software, Inc.)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77424 2016-10-06] (eagleGet)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 epp64; C:\EEK\bin\epp64.sys [138504 2016-04-16] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-27 01:19 - 2016-11-27 01:19 - 00029757 _____ C:\Users\Dad\Desktop\FRST.txt
2016-11-27 01:18 - 2016-11-27 01:18 - 00000000 ____D C:\Users\Dad\Desktop\FRST-OlderVersion
2016-11-21 21:13 - 2016-11-27 01:19 - 00000000 ____D C:\FRST
2016-11-21 21:10 - 2016-11-27 01:18 - 02412032 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2016-11-21 20:45 - 2016-11-21 20:48 - 00000000 ____D C:\AdwCleaner
2016-11-21 20:44 - 2016-11-21 20:44 - 03910208 _____ C:\Users\Dad\Downloads\AdwCleaner.exe
2016-11-16 22:36 - 2016-11-20 20:30 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Mozilla
2016-11-16 22:31 - 2016-11-16 22:31 - 00001717 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-16 22:31 - 2016-11-16 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-16 22:30 - 2016-11-16 22:31 - 00000000 ____D C:\Program Files\iTunes
2016-11-16 22:30 - 2016-11-16 22:30 - 00000000 ____D C:\Program Files\iPod
2016-11-15 19:22 - 2016-11-15 19:23 - 17790683 _____ C:\Users\Dad\Downloads\airjet_movie.wmv
2016-11-08 22:54 - 2016-11-08 22:54 - 00076583 _____ C:\Users\Dad\Downloads\facture199641731.PDF
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-27 01:19 - 2014-03-31 20:45 - 00000000 ____D C:\Users\Dad\AppData\Roaming\NetSpeedMonitor
2016-11-27 01:00 - 2015-04-28 23:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-27 00:42 - 2015-02-14 18:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-26 23:09 - 2009-07-14 04:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 23:09 - 2009-07-14 04:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 23:05 - 2014-06-07 05:05 - 00000000 ____D C:\Users\Dad\AppData\Local\CrashDumps
2016-11-26 23:04 - 2011-07-20 13:36 - 00003296 _____ C:\Windows\System32\Tasks\WizMouse
2016-11-26 23:03 - 2015-04-28 23:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 23:03 - 2012-01-26 06:15 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize.job
2016-11-26 23:00 - 2011-06-01 18:57 - 00000031 _____ C:\Windows\system32\bbcap.err
2016-11-26 23:00 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 22:48 - 2015-04-13 16:51 - 00014486 _____ C:\Windows\CUAppUsage.Dat
2016-11-26 18:01 - 2012-09-08 21:44 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C613D74-CEEC-477F-BF08-7A7D5DD8C6CC}
2016-11-26 02:53 - 2015-03-27 17:23 - 00000000 ____D C:\Users\Dad\AppData\Roaming\vlc
2016-11-23 18:58 - 2015-10-03 16:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-22 20:04 - 2015-08-05 23:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-22 00:08 - 2009-07-14 05:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 00:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-11-19 23:33 - 2011-02-20 22:02 - 00000000 ____D C:\FILES
2016-11-17 00:10 - 2012-08-16 22:10 - 00000000 ____D C:\ERRORS
2016-11-16 22:36 - 2015-04-21 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-16 22:35 - 2015-02-14 18:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-16 22:35 - 2014-04-16 17:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-16 22:35 - 2014-04-16 17:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-16 22:34 - 2012-01-18 18:58 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-16 22:34 - 2010-04-21 11:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-16 22:30 - 2013-01-06 22:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-15 23:08 - 2015-08-05 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-15 23:08 - 2015-02-23 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-11 00:03 - 2015-04-28 23:54 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-11 00:03 - 2015-04-28 23:54 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-07 20:21 - 2015-05-17 01:17 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-04 17:34 - 2015-08-30 18:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-01 17:29 - 2010-12-25 13:50 - 00000000 ____D C:\Users\Dad\AppData\Local\Google
2016-10-30 23:51 - 2012-07-26 02:13 - 00000000 ____D C:\Windows\Minidump
2016-10-30 23:51 - 2010-05-17 19:21 - 00384295 ____N C:\Windows\Minidump\103016-31340-01.dmp
2016-10-28 17:07 - 2015-04-25 16:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
 
==================== Files in the root of some directories =======
 
2011-03-09 03:44 - 2013-09-13 01:23 - 0001342 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2015-01-04 03:07 - 2015-01-04 03:07 - 0211620 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-01-04 03:07 - 2015-01-04 03:07 - 0260404 _____ () C:\Users\Dad\AppData\Local\census.cache
2012-09-30 19:22 - 2012-09-30 19:22 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 01:38 - 2014-01-19 01:38 - 0000058 _____ () C:\Users\Dad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-06-17 05:01 - 2014-06-17 05:01 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2013-02-12 06:17 - 2013-02-12 06:17 - 0005020 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2015-04-29 15:45 - 2015-04-29 15:45 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-12-30 02:13 - 2014-12-30 02:13 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2013-01-06 04:29 - 2013-01-17 04:43 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-04-21 10:41 - 2010-01-27 14:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
 
Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\ZAL17E4.exe
C:\Users\Dad\AppData\Local\Temp\ZAL4FC5.exe
C:\Users\Dad\AppData\Local\Temp\ZAL6097.exe
C:\Users\Dad\AppData\Local\Temp\ZAL80E3.exe
C:\Users\Dad\AppData\Local\Temp\ZAL8B7D.exe
C:\Users\Dad\AppData\Local\Temp\ZALABD9.exe
C:\Users\Dad\AppData\Local\Temp\ZALF97B.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-26 11:01
 
==================== End of FRST.txt ============================
 
Attached File: Addition.txt (38.54KB)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Dad (27-11-2016 01:19:57)
Running from C:\Users\Dad\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-25 13:38:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1050699504-4118538850-2090742069-500 - Administrator - Disabled)
Dad (S-1-5-21-1050699504-4118538850-2090742069-1001 - Administrator - Enabled) => C:\Users\Dad
Guest (S-1-5-21-1050699504-4118538850-2090742069-501 - Limited - Disabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AntiLogger (HKLM-x32\...\AntiLogger) (Version: - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.525 - Zemana Ltd.) Hidden
A-PDF Page Cut (HKLM-x32\...\A-PDF Page Cut_is1) (Version: - A-PDF Solution)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
BDlot DVD Clone Ultimate 3.1.0 (HKLM\...\BDlot DVD Clone Ultimate_is1) (Version: - LotSoft)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
COMODO Programs Manager (HKLM\...\{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}) (Version: 1.3_build_30 - COMODO)
Coupon Printer (HKLM-x32\...\Coupon Printer2.2.1.6) (Version: 2.2.1.6 - Coupons.com Inc.)
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
EagleGet version 2.0.4.16 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.16 - EagleGet)
EaseUS Data Recovery Wizard 9.5 (HKLM\...\EaseUS Data Recovery Wizard 9.5_is1) (Version: - EaseUS)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FastStone Capture 5.3 (HKLM-x32\...\FastStone Capture) (Version: 5.3 - FastStone Soft)
File Identifier (HKLM-x32\...\{C257E434-E8F1-4E06-A616-598E4933553E}_is1) (Version: 1.0.8 - Sharpened Productions)
File Viewer Lite (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.3.2 - Sharpened Productions)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kvisoft PDF Splitter (HKLM-x32\...\Kvisoft PDF Splitter_is1) (Version: - Kvisoft Co.,Ltd.)
LibreOffice 5.1 Help Pack (English (United States)) (HKLM-x32\...\{FC6E1BC9-F229-4A60-889E-3B1E94BF7E86}) (Version: 5.1.3.2 - The Document Foundation)
LibreOffice 5.1.3.2 (HKLM-x32\...\{5F7475A1-6240-4753-BE3E-61499621EC42}) (Version: 5.1.3.2 - The Document Foundation)
Linn Download Manager (HKLM-x32\...\com.linnrecords.DownloadManager) (Version: 1.2.1 - Linn Products Ltd)
Linn Download Manager (x32 Version: 1.2.1 - Linn Products Ltd) Hidden
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: - )
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-GB)) (Version: 50.0 - Mozilla)
NeoDownloader 2.9.5 (HKLM-x32\...\{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1) (Version: 2.9.5 - Neowise Software)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
PDFMate Free PDF Merger 1.0.9 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version: - pdfmate.com)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Screenshot Captor 4.16.1 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
Secunia PSI (2.0.0.4003) (HKLM-x32\...\Secunia PSI) (Version: 2.0.0.4003 - Secunia)
Secure Print@Home (HKLM-x32\...\{14D9A9D4-3E0D-45DB-BF2D-8C65160CCF35}) (Version: 3.19.2353.0 - Valassis)
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: - )
Should I Remove It (HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.1.1.0 - Carifred)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\WinDirStat) (Version: - )
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX DVD Copy Pro 3.6.3 (HKLM\...\WinX DVD Copy Pro_is1) (Version: - Digiarty Software,Inc.)
WinX DVD Ripper Platinum 7.5.10 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinX HD Video Converter Deluxe 5.0.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
WizMouse v1.7.0.3 (HKLM-x32\...\WizMouse_is1) (Version: - Antibody Software)
XBMC (HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\XBMC) (Version: - Team XBMC)
Xtreme Download Manager (HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\XDM) (Version: - )
Zoner Photo Studio 13 (HKLM\...\ZonerPhotoStudio13_EN_is1) (Version: 13.0.1.7 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{6d4c2238-c1b9-5d67-81d8-2cf6949997db}\InprocServer32 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet)
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 13\Program64\SHELLEXT.DLL (ZONER software)
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D783034-DF76-4366-A592-D3D9A0370E93} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {0ECC2F53-7928-444E-904A-E4179542D03E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
Task: {21EDFCD8-6B23-4DAC-864F-94975C3F4D6D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-08] (AVAST Software)
Task: {33D17B0E-7E31-4CDD-AD4F-327293DA79B0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-16] (Adobe Systems Incorporated)
Task: {43290BF7-843A-4573-8DAE-910499C8AF43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {64D2681F-23A1-4C1C-9F58-E30A25B747BC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {6E7BA7B3-3C21-438C-BA4F-E9540271040F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {86EAD266-8E8F-40C9-BD35-FC3B21D38E3A} - System32\Tasks\WizMouse => C:\Program Files (x86)\WizMouse\WizMouseLaunch.exe [2013-09-22] ()
Task: {AD2AC6F2-1072-4436-8FB6-A63969C86E74} - System32\Tasks\{0989CE3E-3DFC-4843-BD57-78C4853BFE93} => pcalua.exe -a "C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYTI7NPB\AdobeAIRInstaller[1].exe" -d C:\Users\Dad\Desktop
Task: {AF40FB83-9AB1-4C7D-8547-758608D2B8C8} - System32\Tasks\{C373E5EA-415A-4AC1-90E7-06B96EE0EB95} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {BF2B60BF-9081-408A-8A0A-CD19C9ED6706} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2011-12-27] (Glarysoft Ltd)
Task: {D260CFD9-9E2B-4C91-8A02-F0CC2E84425B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E0E838DD-2042-4904-83CC-0BCBBF3F2381} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {E16271F0-E08E-4BC1-93B2-C03A276469FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {EA77B250-87DC-407C-8A84-40F369C6F811} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {EABB16AF-F6E0-46F0-BC4D-2D1BE09A036E} - System32\Tasks\{48408CA8-6EE0-494C-90B3-BE68F4751692} => pcalua.exe -a "C:\PROGRAMS\WinSplit Revolution 11.04\WinSplit-Revolution-v11.04.exe" -d C:\Users\Dad\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Acer Accessory Store.lnk -> C:\Program Files\Acer Accessory Store\StartURL.exe () -> hxxp://store.acer-euro.com/gb?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal

==================== Loaded Modules (Whitelisted) ==============

2011-12-13 03:30 - 2011-12-09 19:29 - 00555844 _____ () C:\Program Files (x86)\Zentimo\ZentimoService.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-05 15:11 - 2011-09-05 15:11 - 00116032 _____ () C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
2015-05-22 22:00 - 2016-10-13 10:41 - 00247472 _____ () C:\Program Files (x86)\EagleGet\EGMonitor.exe
2016-06-29 17:01 - 2012-01-20 13:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2010-05-17 19:32 - 2010-01-13 09:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2011-07-20 13:35 - 2013-09-22 09:27 - 00119000 _____ () C:\Program Files (x86)\WizMouse\wizmouse.exe
2007-02-13 00:31 - 2007-02-13 00:31 - 01111552 _____ () C:\Program Files (x86)\FastStone Capture\FSCapture.exe
2016-06-29 17:01 - 2012-01-29 15:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2016-05-08 13:37 - 2016-05-08 13:37 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-08 13:37 - 2016-05-08 13:37 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-26 18:00 - 2016-11-26 18:00 - 03134984 _____ () C:\Program Files\AVAST Software\Avast\defs\16112600\algo.dll
2016-05-08 13:37 - 2016-05-08 13:37 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-05-25 17:48 - 2011-04-22 17:25 - 00050056 _____ () C:\Program Files (x86)\EASEUS\Todo Backup\bin\CodeLog.dll
2011-05-25 17:48 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files (x86)\EASEUS\Todo Backup\bin\libxml2.dll
2011-05-25 17:48 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files (x86)\EASEUS\Todo Backup\bin\zlib1.dll
2015-05-22 22:00 - 2016-10-13 10:41 - 00998576 _____ () C:\Program Files (x86)\EagleGet\util.dll
2015-05-22 22:00 - 2014-07-23 23:55 - 00397312 _____ () C:\Program Files (x86)\EagleGet\sqlite3.dll
2010-03-09 00:18 - 2010-03-09 00:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 00:13 - 2010-03-09 00:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-21 10:34 - 2009-12-24 00:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-02-05 02:45 - 2011-10-30 14:28 - 00029696 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtSolutions_SingleApplication-head.dll
2014-02-05 02:45 - 2011-10-22 08:05 - 08343040 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtGui4.dll
2014-02-05 02:45 - 2011-08-28 20:41 - 02305536 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtCore4.dll
2014-02-05 02:45 - 2011-08-28 20:42 - 00862720 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtNetwork4.dll
2014-02-05 02:45 - 2011-10-30 14:28 - 00582144 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtSolutions_PropertyBrowser-head.dll
2014-02-05 02:45 - 2011-08-28 20:57 - 01339904 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtScript4.dll
2014-02-05 02:45 - 2011-08-28 21:50 - 00581120 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QtScriptTools4.dll
2014-02-05 02:45 - 2011-11-03 21:20 - 00617984 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QxtGui.dll
2014-02-05 02:45 - 2011-11-03 21:21 - 00395264 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\QxtCore.dll
2014-02-05 02:45 - 2011-08-28 21:51 - 00026624 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\plugins\imageformats\qgif4.dll
2014-02-05 02:45 - 2011-08-28 21:51 - 00029184 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\plugins\imageformats\qico4.dll
2014-02-05 02:45 - 2011-08-28 21:51 - 00200704 _____ () C:\Program Files (x86)\DuckLink\DuckCapture\plugins\imageformats\qjpeg4.dll
2015-05-22 22:00 - 2016-10-13 10:41 - 00225968 _____ () C:\Program Files (x86)\EagleGet\CrashRpt.dll
2015-05-22 22:00 - 2012-12-25 23:36 - 00053760 _____ () C:\Program Files (x86)\EagleGet\zlib.dll
2015-05-22 22:00 - 2016-10-13 10:41 - 00851120 _____ () C:\Program Files (x86)\EagleGet\ssl.dll
2016-01-21 23:55 - 2016-01-21 23:55 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-11 00:03 - 2016-11-08 20:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-11 00:03 - 2016-11-08 20:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2015-05-14 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2A5A7BBA-ED5B-4550-A719-D0C8F9F9C939}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{1EB388D1-2150-467A-8AFA-61FD15522962}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{67A51617-FF8C-47A1-9CD2-5B0D05D56469}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{B904F141-D85D-418C-9A2D-20CAC3B4DFFC}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{2676C326-801A-40B8-86E8-195A0C299E0A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{8C2E1DD2-C2F9-48B4-804F-906E0547ED63}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{522EB12D-917D-45DC-BF03-D70D967EA9DD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8BD0B57A-76E1-4704-8F7F-49EF3B0AFDEA}] => (Allow) svchost.exe
FirewallRules: [{752AF3BF-0F93-4628-845B-9B4499BBF3FA}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{578834FD-D491-4988-B55B-5394E4A1BFAF}C:\Program Files (x86)\Digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\AirPS.exe] => (Allow) C:\Program Files (x86)\Digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\AirPS.exe
FirewallRules: [UDP Query User{B85DA7A5-91E3-4965-A3AD-A774A6ABECD6}C:\Program Files (x86)\Digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\AirPS.exe] => (Allow) C:\Program Files (x86)\Digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\AirPS.exe
FirewallRules: [TCP Query User{466BBE9A-3D7D-4C66-87C9-7F8CB1D31A28}C:\program files (x86)\digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\airps.exe] => (Block) C:\program files (x86)\digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\airps.exe
FirewallRules: [UDP Query User{117A6C88-6EFD-47FD-A827-3844EBDE5503}C:\program files (x86)\digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\airps.exe] => (Block) C:\program files (x86)\digiarty\winx_dvd_ripper_platinum_streamer_edition\air_playit_server\airps.exe
FirewallRules: [TCP Query User{F0BB666F-DBA2-4394-944C-AC5E2ED6C478}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{CF412E1E-309A-4840-ABE6-D71FFAE3E2D1}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{9FE53712-C572-4B46-A4DF-C5A20709AC09}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{A4CC8304-08E8-46FF-9D53-A70FE0D3657C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{35343A16-95D6-4211-B312-B44D7207A190}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{8A7D6B45-0A20-454A-8A76-607C4E56B725}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{3368A5AF-55CB-47AB-8279-F4E668F98E76}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{3D7D40A7-AD14-4D81-AD08-2D854ACEFC78}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{59F84EEC-4C95-411F-B48F-5DF45F8578D5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{838F42D4-5B7A-4F45-9DB1-22881C4997A8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{EA0AE76B-6EB8-4048-997C-8DE91550BEF5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{06FD9AEF-B1E7-47C0-BD00-6C9EA96B0028}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{A16999A4-CA80-454C-921A-C89C99877071}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{5042FFAC-C93F-4EB0-98DA-3F083EAAD857}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [TCP Query User{CF35ACE2-54B5-45AD-989D-14D1056367E8}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{F7BEFA4A-D05C-4ED0-B60B-4EED7D93035D}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{A013DB27-4A4D-414D-9207-DCF00E3CDDB6}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{3089846E-ED71-4A50-AD19-8767B464EE08}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{5F86E778-A04D-427B-B528-00A533746F90}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{902CC7F5-B628-497B-BA79-7F195F3116BC}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{B302DBE8-5DFB-4E46-8FBB-934D7E72793E}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{5EAEABAF-34EB-4EA7-8DF0-3FAEC38734F3}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{C65F8BFF-3DCD-4939-8FDA-9876A9377553}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{AA5CED1B-90A6-4DC8-90F6-99CEABD26EF5}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{8DAF4B62-40A1-4E39-8430-4E0C109B048E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EFBAE87B-C18E-4C3F-9E43-551C9CDCA7D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77C1FD2A-C8FB-4E64-902C-84759A679949}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{135531F2-1118-4C11-B67C-9064AC0719A4}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{4A489320-3087-4614-A3EC-8F14EA8C5FCB}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{5BA05081-2267-4661-8605-B6CEBB8AAE59}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe
FirewallRules: [{1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D}] => (Allow) C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe
FirewallRules: [{0F8D3418-26D1-4364-93D5-40D4251A0552}] => (Allow) C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe
FirewallRules: [TCP Query User{F2C431D3-72DB-4925-97CE-A63EF178BFBF}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => (Allow) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [UDP Query User{EBE300D6-02B9-44B3-95F8-7C3D07CC16F6}C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe] => (Allow) C:\program files (x86)\bt broadband desktop help\btbb\ma\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{E959F18D-8B1B-4960-BD6E-89C960C118C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19D5FEDD-171C-4905-8C87-5169167936D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{652CA6EF-0BBE-4094-8EC8-B7BB13154635}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{47874C12-BF55-4464-9319-6414F9749335}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5333E8E2-A0A4-455F-BE78-D24C0FAAA391}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CAD5AA50-82FC-4559-B28C-CE37B39354DF}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

22-07-2016 23:52:08 Windows Modules Installer
01-08-2016 15:58:00 Windows Update
20-08-2016 08:37:30 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2016 11:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LManager.exe, version: 4.0.8.575, time stamp: 0x4bbd5915
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xf58
Faulting application start time: 0x01d248397580d541
Faulting application path: C:\Program Files (x86)\Launch Manager\LManager.exe
Faulting module path: unknown
Report Id: bb05fc2b-b42c-11e6-ba90-705ab6f26e41

Error: (11/26/2016 02:54:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13448

Error: (11/26/2016 02:54:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13448

Error: (11/26/2016 02:54:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/26/2016 02:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12418

Error: (11/26/2016 02:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12418

Error: (11/26/2016 02:54:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/26/2016 02:54:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11388

Error: (11/26/2016 02:54:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11388

Error: (11/26/2016 02:54:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/26/2016 11:01:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BT Help Wizard service terminated unexpectedly. It has done this 3 time(s).

Error: (11/26/2016 11:01:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BT Help Wizard service terminated with the following error:
%%-1

Error: (11/26/2016 11:01:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BT Help Wizard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/26/2016 11:01:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BT Help Wizard service terminated with the following error:
%%-1

Error: (11/26/2016 11:01:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BT Help Wizard service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (11/26/2016 11:00:53 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume ComodoEvdd encountered a non-retryable error and could not start. The data contains the error code.

Error: (11/26/2016 11:00:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BT Help Wizard service terminated with the following error:
%%-1

Error: (11/26/2016 11:00:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (11/19/2016 10:50:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

Error: (11/16/2016 10:51:17 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


CodeIntegrity:
===================================
Date: 2016-11-17 16:43:20.655
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-17 16:43:20.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-17 16:43:20.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\_eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-17 20:17:52.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-17 20:17:51.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-17 20:17:51.069
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 21:16:19.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 21:16:18.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 21:16:18.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 21:16:17.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 69%
Total physical RAM: 7862.71 MB
Available physical RAM: 2371.57 MB
Total Virtual: 7925.92 MB
Available Virtual: 1853.62 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:126.7 GB) NTFS
Drive e: () (Removable) (Total:14.31 GB) (Free:10.3 GB) FAT32
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:0.52 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:849.98 GB) NTFS
Drive i: () (Removable) (Total:14.83 GB) (Free:14.53 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 10AD6EA1)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 14.3 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 3BD0EA10)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 8CE6393B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 28 November 2016 - 10:55 AM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • Gender:Male
  • Location:California
  • Local time:08:40 PM

Posted 28 November 2016 - 11:13 AM

Greetings Disceli and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Which browser(s) are you having an issue with?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]
2010-04-21 10:41 - 2010-01-27 14:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
C:\Users\Dad\AppData\Local\Temp\ZAL17E4.exe
C:\Users\Dad\AppData\Local\Temp\ZAL4FC5.exe
C:\Users\Dad\AppData\Local\Temp\ZAL6097.exe
C:\Users\Dad\AppData\Local\Temp\ZAL80E3.exe
C:\Users\Dad\AppData\Local\Temp\ZAL8B7D.exe
C:\Users\Dad\AppData\Local\Temp\ZALABD9.exe
C:\Users\Dad\AppData\Local\Temp\ZALF97B.exe
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Which browser?
  • Fixlog
  • RogueKiller log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Disceli

Disceli
  • Topic Starter

  • Members
  • 33 posts
  • Local time:03:40 AM

Posted 28 November 2016 - 08:20 PM

My problem seems only to be with Chrome.  Firefox and IE appear unaffected.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Dad (28-11-2016 23:41:17) Run:1
Running from C:\ERRORS\2016-11-16 TheConservativeWoman\2016-11-28 Bleeping Computer - Post #07
Loaded Profiles: Dad (Available Profiles: Dad & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]
2010-04-21 10:41 - 2010-01-27 14:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
C:\Users\Dad\AppData\Local\Temp\ZAL17E4.exe
C:\Users\Dad\AppData\Local\Temp\ZAL4FC5.exe
C:\Users\Dad\AppData\Local\Temp\ZAL6097.exe
C:\Users\Dad\AppData\Local\Temp\ZAL80E3.exe
C:\Users\Dad\AppData\Local\Temp\ZAL8B7D.exe
C:\Users\Dad\AppData\Local\Temp\ZALABD9.exe
C:\Users\Dad\AppData\Local\Temp\ZALF97B.exe
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dad\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
catchme => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
WISOVD => service removed successfully
C:\ProgramData\FullRemove.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZAL17E4.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZAL4FC5.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZAL6097.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZAL80E3.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZAL8B7D.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZALABD9.exe => moved successfully
C:\Users\Dad\AppData\Local\Temp\ZALF97B.exe => moved successfully
"HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1050699504-4118538850-2090742069-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 328653565 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 47018729 B
Edge => 0 B
Chrome => 838421183 B
Firefox => 35661589 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 322616 B
Dad => 210374041 B
Guest => 0 B
 
RecycleBin => 45140318 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:42:51 ====
 
RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dad [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/29/2016 00:19:27 (Duration : 00:46:55)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://127.0.0.1:9614/proxy.pac  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://127.0.0.1:9614/proxy.pac  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:9614/proxy.pac  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:9614/proxy.pac  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] fcbd2e5076a566dab61c02b3e1238f14
[BSP] 5e7744be6ebdcc768f23f03d42b3fdd8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14339 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29366820 | Size: 101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29575665 | Size: 290803 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: SanDisk Ultra Fit USB Device +++++
--- User ---
[MBR] 75f6f5a702e1e734f0af51b664391e29
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 14663 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: WD My Passport 0820 USB Device +++++
--- User ---
[MBR] 9fdaa9b20be99793e79a575ac6d61b6d
[BSP] acf294d95459c5e1dce2b93acd49bc1f : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: WD My Passport 0820 USB Device +++++
--- User ---
[MBR] c7c86e12b0d6defcdfef89aa6559bed1
[BSP] a9ea9b07df60c75156acbf1bbb806c3d : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

Attached File: Summary.zip (155.49 KB)

#8 Oh My!
    Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 37,457 posts
  • Gender: Male
  • Location: California

Posted 28 November 2016 - 09:05 PM

Thank you.

Did you install this program?

Xtreme Download Manager

Please do this.

===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Install program?
  • Chrome performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 Disceli
  • Topic Starter
  • Members
  • 33 posts

Posted 29 November 2016 - 01:49 PM

Yes, I installed Xtreme Download Manager.  I'd like to keep it, if possible.  I don't think it caused this problem, but I might be wrong.

I've reset Chrome and I seem to be able to access the blocked sites again and am not redirected to suspicious sites.

If I re-enabled the extensions, one by one, would the trojan re-appear?  I won't do this, until you instruct me.

#10 Oh My!
    Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 37,457 posts
  • Gender: Male
  • Location: California

Posted 29 November 2016 - 03:53 PM

Greetings,

You can keep Xtreme Download Manager. I asked because of some Proxy settings on your computer that are installed by that program. If you didn't download it I was going to reset the Proxy.

Yes, please try to bring Chrome back up to speed, tailoring it the way you want it. Let me know if you have any issues as a result of doing that.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#11 Disceli
  • Topic Starter
  • Members
  • 33 posts

Posted 29 November 2016 - 07:23 PM

I've re-enabled all the extensions that I use and everything seems fine. I'm no longer re-directed to suspicious sites either when I attempt to visit sites via the Chrome search/url bar or via links in Google Search.  I'm not sure why the problem has disappeared.  Do I still need to do a sweep with whatever security programs you can help me use?

#12 Oh My!
    Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 37,457 posts
  • Gender: Male
  • Location: California

Posted 29 November 2016 - 08:26 PM

There are times when disabling then enabling add-ons resolves an underlying issue. I can't explain why, only tell you that it happens. I would like to monitor your computer for a day. In the meantime please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report
  • Security check report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#13 Disceli
  • Topic Starter
  • Members
  • 33 posts

Posted 30 November 2016 - 07:00 PM

Sorry for the late reply, but I've had to type this on another laptop.  I'm unable to reply to this thread when using either Chrome, Firefox or IE11.  I can't access the forum at all in IE.  I get the following error:

[Screenshot attached: 2016_11_30_204948.jpg]

Most of the text in most of the posts has disappeared and neither "Post" nor "Reply to this topic" works.

I can still access the sites that I have tested, with the three browsers I've listed.

Emsisoft Emergency Kit - Version 11.9
Last update: 30/11/2016 02:21:06
User account: Dad-PC\Dad
Computer name: DAD-PC
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 30/11/2016 03:22:50
 
Scanned 74880
Found 0
 
Scan end: 30/11/2016 03:30:23
Scan time: 0:07:33

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (2.0.0.4003)   
 Java version 32-bit out of Date!
 Mozilla Firefox (50.0) 
 Google Chrome (54.0.2840.71) 
 Google Chrome (54.0.2840.99) 
 Google Chrome (plugins...) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log``````````````````````

.........................................................................

It's now 1 hr 25 mins later and all the text is back, when the thread is viewed in Chrome and Firefox.  I now also can't log in via IE11, alongside not being able to view the forum.


Edited by Disceli, 30 November 2016 - 08:29 PM.


#14 Oh My!
    Adware and Spyware and Malware.....
  • Malware Response Instructor
  • 37,457 posts
  • Gender: Male
  • Location: California

Posted 30 November 2016 - 09:24 PM

Please do this. If necessary, boot into Safe Mode with Networking.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Program Files (x86)\Launch Manager\LManager.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click Scan
  • When the Status box shows Scan Finished place a check mark in the following and select Delete

[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found

  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link
  • RogueKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
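The selection made in the post above (delete the PUP CLSID and the four firewall rules, leave the proxy and search-page modifications alone, since post #10 attributes the 127.0.0.1:9614 PAC to Xtreme Download Manager) can be written down as triage rules over RogueKiller's log lines. The following is an added example, not code from the thread or from Adlice Software; it assumes the `[Category] (Arch) key | name : data -> status` layout seen in the logs here, takes its sample lines from the scan log in post #7, and also covers one case the log does not contain, a PAC URL that points off the machine.

```python
"""Triage of RogueKiller 'Registry' findings, following the selection in the thread:
delete the PUP CLSID and the firewall rules for an executable under %Temp%, keep
the proxy settings that belong to software the user chose to keep."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Subset of the RogueKiller "Registry" lines copied from the scan log in post #7.
SAMPLE_LOG = r"""
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://127.0.0.1:9614/proxy.pac  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:9614/proxy.pac  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Found
"""

# Proxy the thread attributes to a program the user knowingly installed (post #10).
KNOWN_PROXIES: Dict[str, str] = {"http://127.0.0.1:9614/proxy.pac": "Xtreme Download Manager"}

LINE_RE = re.compile(r"^\[(?P<cat>[^\]]+)\] \((?:X64|X86)\) (?P<body>.*?)\s*-> (?P<status>.+?)\s*$")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

@dataclass
class Finding:
    category: str
    key: str
    value_name: str    # empty for CLSID-style lines without a "| name : data" part
    data: str
    status: str
    verdict: str = ""  # "delete", "keep" or "review"
    reason: str = ""

def parse_log(text: str) -> List[Finding]:
    """Parse RogueKiller registry lines; lines in any other format are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, name, data = m.group("body"), "", ""
        if " | " in key:                              # "key | name : data"
            key, rest = key.split(" | ", 1)
            name, data = (rest.split(" : ", 1) + [""])[:2]
        findings.append(Finding(m.group("cat"), key, name.strip(), data.strip(), m.group("status")))
    return findings

def triage(f: Finding, known_proxies: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, reason) for one finding."""
    if f.category == "PUP":
        return "delete", "PUP classification: unwanted COM object registration"
    if f.category == "Suspicious.Path":
        # Rule data looks like "v2.10|Action=Allow|...|App=<path>|Name=<name>|"
        fields = dict(kv.split("=", 1) for kv in f.data.split("|") if "=" in kv)
        if TEMP_DIR_RE.search(fields.get("App", "")):
            return "delete", "firewall allow rule for an executable under %Temp%: " + fields["App"]
        return "review", "firewall rule with an unusual application path"
    if f.category == "PUM.Proxy":
        m = URL_RE.search(f.data)                     # ManualProxies data carries a "0" prefix
        url = m.group(0) if m else f.data
        if url in known_proxies:
            return "keep", "proxy belongs to installed software: " + known_proxies[url]
        if m and urlsplit(url).hostname in ("127.0.0.1", "localhost", "::1"):
            return "review", "local PAC/proxy not attributed to any known program: " + url
        return "review", "proxy configuration points off this machine: " + url
    if f.category.startswith("PUM."):
        return "keep", "setting change with no suspicious data"
    return "review", "unhandled category " + f.category

def triage_log(text: str, known_proxies: Dict[str, str] = KNOWN_PROXIES) -> List[Finding]:
    findings = parse_log(text)
    for f in findings:
        f.verdict, f.reason = triage(f, known_proxies)
    return findings

def deletion_list(findings: List[Finding]) -> List[str]:
    """Value names (or keys) to tick in RogueKiller's Delete mode."""
    return [f.value_name or f.key for f in findings if f.verdict == "delete"]
```

`triage_log(SAMPLE_LOG)` returns the six findings with `delete` on the PUP entry and the two firewall rules and `keep` on the rest; passing an empty dictionary as `known_proxies` turns the loopback PAC into a `review` item instead.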

#15 Disceli
  • Topic Starter
  • Members
  • 33 posts

Posted 30 November 2016 - 11:21 PM

Virus Total

https://www.virustotal.com/en/file/d3de06e20c64917917541f31e132161f4cf9fb26bcb0214b1ceadb0cf7d3fb81/analysis/1480562055/

RogueKiller V12.8.3.0 (x64) [Nov 28 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dad [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/01/2016 03:17:58 (Duration : 00:52:50)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Deleted
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://127.0.0.1:9614/proxy.pac  -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://127.0.0.1:9614/proxy.pac  -> Not selected
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:9614/proxy.pac  -> Not selected
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:9614/proxy.pac  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1FE59C3E-B7D7-44ED-AEFB-D72827FEE58D} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F8D3418-26D1-4364-93D5-40D4251A0552} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dad\AppData\Local\Temp\nsf5FED.tmp\CnetInstaller-76168628.exe|Name=proinstaller684139491| [x] -> Deleted
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] fcbd2e5076a566dab61c02b3e1238f14
[BSP] 5e7744be6ebdcc768f23f03d42b3fdd8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14339 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29366820 | Size: 101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29575665 | Size: 290803 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] 2dd27a2bd9b0b305e974b4defc45b985
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: SanDisk Ultra Fit USB Device +++++
--- User ---
[MBR] 75f6f5a702e1e734f0af51b664391e29
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 14663 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 