Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mozilla not responding


  • This topic is locked This topic is locked
3 replies to this topic

#1 Campo7

Campo7

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 29 January 2017 - 12:24 PM

comp keeps freezing mozilla not responding
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2017 01
Ran by Chris (administrator) on DELL-530 (29-01-2017 17:12:34)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-08-12] ()
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [uTorrent] => C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe [2237120 2017-01-16] (BitTorrent Inc.)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71}: [DhcpNameServer] 192.168.0.203
Tcpip\..\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-16] (RealPlayer)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: pc8viaz2.Default User
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pc8viaz2.Default User [2017-01-29]
FF Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pc8viaz2.Default User\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2016-10-23]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\pc8viaz2.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-05-06] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-08-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-05]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-30] (AVAST Software)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [295840 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31944 2015-09-11] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 17:12 - 2017-01-29 17:12 - 00011643 _____ C:\Users\Chris\Desktop\FRST.txt
2017-01-29 17:12 - 2017-01-29 17:12 - 00000000 ____D C:\FRST
2017-01-29 17:11 - 2017-01-29 17:11 - 01762816 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2017-01-28 17:33 - 2017-01-28 17:33 - 04015056 _____ C:\Users\Chris\Downloads\adwcleaner_6.043.exe
2017-01-22 17:15 - 2017-01-22 17:15 - 00001978 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-01-22 17:15 - 2017-01-22 17:15 - 00001978 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2017-01-22 17:15 - 2017-01-22 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-01-22 17:15 - 2017-01-22 17:15 - 00000000 ____D C:\Program Files\Sophos
2017-01-17 19:20 - 2017-01-17 19:20 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\uTorrent
2017-01-17 19:14 - 2017-01-29 16:58 - 00000000 ____D C:\AdwCleaner
2017-01-16 10:51 - 2017-01-16 06:00 - 1167720448 _____ C:\Users\Chris\Downloads\new.mp4
2017-01-16 10:50 - 2017-01-16 11:24 - 735026018 _____ C:\Users\Chris\Downloads\og.avi
2017-01-16 10:47 - 2017-01-16 10:47 - 00000737 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-01-16 10:44 - 2017-01-17 19:21 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
2017-01-12 03:03 - 2017-01-05 16:57 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 17:09 - 2016-02-24 14:25 - 00045056 _____ C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-29 16:47 - 2012-12-13 19:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-29 15:18 - 2006-11-02 12:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-29 15:18 - 2006-11-02 12:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-27 14:38 - 2016-11-18 04:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-23 11:44 - 2013-07-23 21:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2017-01-22 17:18 - 2012-01-11 21:38 - 00294365 _____ C:\Users\Chris\Downloads\vid2.3gp
2017-01-22 17:16 - 2012-01-11 20:22 - 07718796 _____ C:\Users\Chris\Downloads\33.MPG
2017-01-19 14:31 - 2016-11-19 22:46 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-01-17 19:20 - 2016-10-17 20:10 - 00298892 _____ C:\Windows\ntbtlog.txt
2017-01-17 19:19 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-01-17 19:18 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-17 19:17 - 2006-11-02 13:01 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-16 11:23 - 2016-08-13 22:55 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-16 10:45 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-01-16 10:45 - 2006-11-02 10:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-12 03:03 - 2013-08-14 02:08 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 03:00 - 2006-11-02 10:24 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-01-11 00:47 - 2012-12-13 19:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-11 00:47 - 2012-12-13 19:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-11 00:47 - 2008-10-23 12:28 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-01 14:07 - 2016-07-07 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2016-03-06 17:13 - 2016-10-25 20:26 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2016-05-16 19:15 - 2016-06-13 15:09 - 0001356 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2016-02-24 14:25 - 2017-01-29 17:09 - 0045056 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2016-10-19 16:34 - 2016-10-19 20:39 - 0476672 _____ () C:\Users\Chris\AppData\Local\temp\7za.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0020480 _____ (E Dev) C:\Users\Chris\AppData\Local\temp\DaS_21.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0388608 _____ (Trend Micro Inc.) C:\Users\Chris\AppData\Local\temp\hijackthis.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0030720 _____ (NirSoft) C:\Users\Chris\AppData\Local\temp\NirCmd.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0256512 _____ () C:\Users\Chris\AppData\Local\temp\PEVZ.EXE
2016-10-19 16:34 - 2016-10-19 20:39 - 0069632 _____ () C:\Users\Chris\AppData\Local\temp\remove.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0098816 _____ () C:\Users\Chris\AppData\Local\temp\sed.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0057344 _____ (Optimum X) C:\Users\Chris\AppData\Local\temp\shortcut.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0161792 _____ (SteelWerX) C:\Users\Chris\AppData\Local\temp\swreg.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0217088 _____ (SteelWerX) C:\Users\Chris\AppData\Local\temp\swxcacls.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0154232 _____ (Noël Danjou) C:\Users\Chris\AppData\Local\temp\wget.exe
2016-10-19 16:34 - 2016-10-19 20:39 - 0024064 _____ () C:\Users\Chris\AppData\Local\temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-29 08:41

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2017 01
Ran by Chris (29-01-2017 17:13:10)
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-02-04 10:32:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled)
Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Internet Security (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies)
ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version:  - )
InPlay IPTV (HKLM\...\{4CE87481-C78C-4543-9AA0-2117CD5BF917}) (Version: 4.0.0 - Cobain ltd)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Leawo Video Converter version  5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl)
PressReader (HKLM\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.16.0115.0 - PressReader Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1052CB3B-118E-4E56-8121-30C36CA58FCB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {2EEC41BC-155E-4FB6-B264-D9E2D9DC9DDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {ADA93713-7718-4862-BB5D-22FC5C9AA169} - System32\Tasks\SafeZone scheduled Autoupdate 1449186754 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-30 04:50 - 2016-08-30 04:50 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-30 04:50 - 2016-08-30 04:50 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-23 11:28 - 2017-01-23 11:28 - 04458584 _____ () C:\Program Files\AVAST Software\Avast\defs\17012300\algo.dll
2017-01-29 11:39 - 2017-01-29 11:39 - 04459608 _____ () C:\Program Files\AVAST Software\Avast\defs\17012900\algo.dll
2016-08-18 13:54 - 2015-02-27 13:38 - 00214528 _____ () C:\Windows\System32\WSCM32.dll
2014-03-25 05:27 - 2013-03-08 09:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2016-06-29 17:20 - 2016-06-29 17:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-26 07:44 - 2015-08-26 07:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2016-06-01 14:17 - 2016-06-01 14:17 - 00144832 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 02632640 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00554944 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00039872 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00086464 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00078272 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 02231744 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00114112 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00245184 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00089536 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00055744 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00072128 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00598976 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00771520 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00131520 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00052672 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00145856 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 01566656 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00334784 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 01265600 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00069568 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00048576 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 12001728 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00242624 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00127936 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00681408 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00137152 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00030144 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00261056 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00298944 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 01291200 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00754624 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00344512 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00052160 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00456128 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00035776 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00157632 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 02680768 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00356288 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00370112 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00121792 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 14929344 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00789952 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00030144 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00746432 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00036800 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00125888 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00065472 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00024512 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00027584 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00029120 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00022464 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00037824 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00024000 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00023488 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 14:18 - 2016-06-01 14:18 - 01504704 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-06-01 14:19 - 2016-06-01 14:19 - 00022976 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV [130]
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-28 15:22 - 2016-06-11 20:42 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F4CFD83A-D58B-4331-9FC7-226F9784CDC4}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{12BEC677-E9D6-44B9-BABE-F2063712476A}] => C:\Windows\System32\muzapp.exe
FirewallRules: [{63B46E60-3403-4499-A84A-2E131052042D}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => LPort=80
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{01072E77-9C3B-4616-930C-17F242C61391}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{B4B0273B-6E73-4483-AA42-4F3F1458FF14}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [{EC3583BA-8056-4F85-97DE-E38AEAEA4639}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A1BAFF1F-0919-4447-ABD6-63BD58B10773}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0F3B77A1-361A-4F45-BB70-0C589A514D13}C:\users\chris\appdata\roaming\utorrent\utorrent.exe] => C:\users\chris\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{90A30D85-660B-4F99-960F-B4FDF0D00DAB}C:\users\chris\appdata\roaming\utorrent\utorrent.exe] => C:\users\chris\appdata\roaming\utorrent\utorrent.exe
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => Enabled:pre-scan_6_31.05.2016.1
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

22-01-2017 00:00:03 Scheduled Checkpoint
22-01-2017 17:13:43 Installed Sophos Virus Removal Tool.
23-01-2017 12:26:25 Scheduled Checkpoint
25-01-2017 00:00:02 Scheduled Checkpoint
26-01-2017 00:00:03 Scheduled Checkpoint
27-01-2017 00:00:02 Scheduled Checkpoint
28-01-2017 00:00:02 Scheduled Checkpoint
29-01-2017 00:00:03 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2017 10:47:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mshta.exe version 9.0.8112.16845 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 123c
Start Time: 01d26fe5931fac17
Termination Time: 9

Error: (01/12/2017 03:03:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/12/2017 03:03:16 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (12/18/2016 03:02:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/18/2016 03:02:35 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (12/17/2016 03:35:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (11/11/2016 02:42:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/11/2016 02:42:29 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (10/27/2016 05:20:25 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (10/27/2016 03:52:24 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (01/17/2017 07:19:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/17/2017 07:17:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (01/17/2017 07:17:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/17/2017 07:17:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/17/2017 07:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 07:17:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HDDHealth service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 07:17:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Center Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/17/2017 07:17:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/17/2017 07:17:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 07:17:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 62%
Total physical RAM: 3060.45 MB
Available physical RAM: 1150.25 MB
Total Virtual: 6323.89 MB
Available Virtual: 3908.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:125.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, due to inclusion of malware log. ~ Animal

BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,203 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:37 AM

Posted 03 February 2017 - 09:34 AM

Greetings Campo7 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Does your computer freeze at random times or only with Firefox?

When you ran FRST an Addition.txt file should have been created. Please copy and paste the contents of the report in your reply.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
CMD: type "C:\ComboFix.txt"
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Freeze only with Firefox?
  • Addition.txt
  • Fixlog
  • GSmart report

Edited by Oh My!, 03 February 2017 - 09:54 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,203 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:37 AM

Posted 06 February 2017 - 10:07 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,203 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:37 AM

Posted 09 February 2017 - 10:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users