• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.

Search the Community

Showing results for tags 'avast'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Spyware, thiefware, browser hijackers, and other advertising parasites
    • Malware Removal
    • Spywatch
    • Smartphone Troubleshooting
  • SpywareInfo
    • Guests and Unvalidated
    • News and Announcements
    • SpywareInfo Web Site, Forums, and Newsletter
    • Frequently Asked Questions
    • SWI Community News
  • General Computing Issues
    • Security Warnings
    • Software Update Announcements
    • Software
    • PC Checkup and Troubleshooting
    • Firewalls and Proxies
    • Virus and Trojan Removal and Prevention Methods
  • Miscellaneous
    • Open Forum
    • On the web
    • Computer Horror Stories
    • Test

Calendars

  • Community Calendar

Found 3 results

  1. Avast detected this win 32 malware gen in my d drive. I quarantined the file then deleted it . I scanned the d drive again and then there were about 17 files that said avast couldn't scan them they are password protected . I'm not sure what that means. Here are my logs malware bytes Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/21/2016 Scan Time: 7:36:33 PM Logfile: malware bytes.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.21.14 Rootkit Database: v2016.08.15.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows XP Service Pack 3 CPU: x86 File System: NTFS User: Owner Scan Type: Threat Scan Result: Completed Objects Scanned: 304856 Time Elapsed: 30 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) frst Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016 Ran by Owner (administrator) on MITZI (21-09-2016 20:13:25) Running from C:\Documents and Settings\Owner\Desktop Loaded Profiles: Owner (Available Profiles: Owner & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe () C:\WINDOWS\zHotkey.exe (Microsoft Corporation) C:\WINDOWS\vVX1000.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2005-05-03] () HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] () HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2010-01-22] (Apple Computer, Inc.) HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15] (ATI Technologies Inc.) HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation) HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0 ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-19] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{AD29A29A-8BFB-471A-A54C-9175FB00E164}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/ SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> DefaultScope {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms} SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms} SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {77C3C071-4B61-4E6D-9719-FAC4804C6190} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {EC376F27-6DC3-468A-B11A-8B722F2F81F4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-14] (AVAST Software) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File Toolbar: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default FF DefaultSearchEngine.US: Secure Search FF SearchEngineOrder.1: Secure Search FF SelectedSearchEngine: Secure Search FF Homepage: hxxp://us.my.yahoo.com/ FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=B110US0D20131111&p= FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] () FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-19] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1192153782-1980124124-3360170330-1006: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-27] FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-09-12] [not signed] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-18] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-19] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-08-06] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-19] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-19] (AVAST Software) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-19] (Oracle Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.) R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2010-01-22] (New Boundary Technologies, Inc.) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation) R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.) R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2010-01-22] (Windows ® 2000 DDK provider) [File not signed] R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-19] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-19] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-19] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-19] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-19] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-19] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-19] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-19] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-19] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software) S3 CAM1690; C:\WINDOWS\System32\Drivers\cam1690.sys [181888 2007-11-21] () [File not signed] S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2004-11-10] (Roxio) [File not signed] R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP) S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. ) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation) R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-14] (Realtek Semiconductor Corporation ) S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed] R3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation) S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X] U4 intelppm; no ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-21 20:13 - 2016-09-21 20:13 - 00015423 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt 2016-09-21 20:13 - 2016-09-21 20:13 - 00000000 ____D C:\FRST 2016-09-21 20:11 - 2016-09-21 20:11 - 00001062 _____ C:\Documents and Settings\Owner\My Documents\malware bytes.txt 2016-09-21 19:15 - 2016-09-21 19:15 - 01753088 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe 2016-09-12 19:38 - 2016-09-12 20:04 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-09-12 19:29 - 2016-09-12 19:29 - 00245743 _____ C:\Documents and Settings\Owner\My Documents\RegCertificate sunny 2016.pdf 2016-09-12 19:28 - 2016-09-12 19:28 - 00257585 _____ C:\Documents and Settings\Owner\My Documents\Receipt sunnys registration 2016.pdf 2016-09-01 10:57 - 2016-09-01 10:57 - 00000022 _____ C:\Documents and Settings\Owner\My Documents\sunny tracking.txt 2016-08-26 20:09 - 2016-08-26 20:09 - 00064388 _____ C:\Documents and Settings\Owner\My Documents\pams card id.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-21 20:13 - 2012-12-03 11:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp 2016-09-21 20:11 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents 2016-09-21 19:59 - 2010-02-10 17:29 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-21 19:38 - 2015-10-24 20:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-21 19:38 - 2013-01-09 20:33 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006UA.job 2016-09-21 19:38 - 2013-01-09 20:33 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006Core.job 2016-09-21 19:36 - 2014-07-10 13:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-21 19:07 - 2012-12-04 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP 2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Program Files\Amazon 2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Amazon 2016-09-21 17:54 - 2010-06-06 16:50 - 00000000 ____D C:\Program Files\SpywareBlaster 2016-09-21 17:39 - 2010-01-22 13:52 - 00003854 _____ C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt 2016-09-21 16:38 - 2004-10-27 21:26 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt 2016-09-21 16:34 - 2004-10-27 21:14 - 00000000 ____D C:\WINDOWS\Registration 2016-09-21 16:33 - 2016-04-14 22:28 - 00000460 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1460687301.job 2016-09-21 16:33 - 2013-08-15 15:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2016-09-21 16:33 - 2010-02-10 17:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-21 16:33 - 2004-10-27 21:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-21 13:42 - 2013-10-16 19:17 - 00364096 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2016-09-21 13:42 - 2010-01-22 13:51 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini 2016-09-20 19:08 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Pictures 2016-09-20 17:16 - 2004-10-27 20:52 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl 2016-09-19 15:09 - 2007-08-23 16:02 - 00099276 _____ C:\Documents and Settings\Owner\My Documents\Wells fargo Wachovia.txt 2016-09-14 19:36 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype 2016-09-14 18:58 - 2015-12-11 21:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk 2016-09-14 15:38 - 2016-07-14 14:38 - 06502080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2016-09-14 15:38 - 2012-04-01 19:44 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-09-14 15:38 - 2011-05-19 10:33 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-09-14 15:38 - 2004-10-27 21:16 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-09-12 22:41 - 2010-01-22 13:51 - 00000000 ____D C:\Documents and Settings\Owner 2016-09-12 22:04 - 2013-07-04 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-09-12 20:02 - 2016-07-22 14:45 - 00000981 _____ C:\Documents and Settings\Owner\My Documents\sunnys trip november twenty sixteen.txt 2016-09-07 21:00 - 2010-01-24 15:18 - 00000000 ____D C:\Program Files\FinePixViewer 2016-09-04 15:09 - 2014-05-17 17:06 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\shortcuts desktop 2016-08-30 11:03 - 2015-10-17 17:15 - 00000000 ___RD C:\Program Files\Skype 2016-08-30 11:02 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype 2016-08-29 21:47 - 2015-08-29 09:53 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2016-08-27 19:33 - 2014-07-10 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-08-27 19:32 - 2015-03-07 18:16 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2016-08-27 19:32 - 2014-07-10 10:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2016-08-26 20:14 - 2012-11-20 16:31 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-08-26 14:38 - 2010-09-20 11:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\SRP 2016-08-23 18:47 - 2014-11-21 15:48 - 00000054 _____ C:\Documents and Settings\Owner\My Documents\Hallmark Card Studio 2009.txt ==================== Files in the root of some directories ======= 2010-06-08 22:05 - 2014-11-04 15:12 - 0000438 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat 2010-01-22 21:00 - 2013-04-25 16:21 - 0012288 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-01-22 21:35 - 2010-01-22 21:35 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat 2010-01-22 20:36 - 2010-01-24 16:24 - 0010977 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed addition Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016 Ran by Owner (21-09-2016 20:14:28) Running from C:\Documents and Settings\Owner\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) (2010-01-22 17:51:37) Boot Mode: Normal ========================================================== ==================== Accounts: =============================
  2. I would like somebody to double check this FRST report. I had a Avast that would NOT unload so I could turn off the excess modules like Avast Browser. I then found and used the Avast Uninstaller in safe mode and started finding Avast bits and pieces everywhere. What I did after the Avast melt down was delete the old account since this was a inherited computer I got about a year ago. and I am afraid of ADM problems later. What I have done so far is download, MalwareBytes, Spybot S&D, HostsXpert (4 MVps HostFile), Spywareblaster, PrivateFirewall 7.0, BleachBit, Firefox, Microsoft Security Essentials popped up because of no antivirus. and Pysol fan Club Edition (1000 solitaire games). I installed everything and updated as needed. I then unhid Windows protected folders and ran Malwarebytes , Spybot ,and MSE. I also downloaded and ran JRT and AdwCleaner and ran them. Jrt find some stuff and deleted it. I have ran the Eset and Panda Antivirus plugins for FF and they both find nothing. (I almost forgot, I ran Malwarebytes and Spybot S&D in Safe Mode last night. Spybot found some registy entries and deleted them.) By the way, I have Uac off, I have the firewall in training mode. I locked down IExploder like usual and moved to Firefox, I don't use Outlook Express. I don't have any experience with the FRST program, so I am working blind again. Here is the the FRST an Addition text, please let me know what you think, and thanks. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01 Ran by Jerry (administrator) on JERRY-PC (04-04-2016 14:56:16) Running from C:\Users\Jerry\Desktop Loaded Profiles: Jerry (Available Profiles: Jerry) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe (Intel) C:\Program Files\Intel\AMT\LMS.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Intel) C:\Program Files\Intel\AMT\UNS.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.) HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated) HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File Startup: C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My Litle Helper.lnk [2016-04-02] ShortcutTarget: My Litle Helper.lnk -> C:\No Installers\BleachBit-Portable\bleachbit_console.exe () BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{1EBA343C-713F-4DAF-8C48-AEB6205B4041}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FireFox: ======== FF ProfilePath: C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jndniqbo.default FF DefaultSearchEngine.US: DuckDuckGo FF Homepage: hxxps://us2.startpage.com/eng/ FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-02] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.) FF Extension: ImTranslator - C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jndniqbo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-04-02] FF Extension: Bitdefender QuickScan - C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jndniqbo.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-04-04] FF Extension: NO Google Analytics - C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jndniqbo.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2016-04-02] FF Extension: I don't care about cookies - C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jndniqbo.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2016-04-02] FF Extension: Adblock Plus - C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Profiles\jndniqbo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-02] FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed] R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-25] () R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-25] () R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-25] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-25] () S3 eapihdrv; C:\Users\Jerry\AppData\Local\Temp\ehdrv.sys [135760 2016-04-04] (ESET) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-04 14:55 - 2016-04-04 14:56 - 00008711 _____ C:\Users\Jerry\Desktop\FRST.txt 2016-04-04 14:54 - 2016-04-03 12:40 - 01725440 _____ (Farbar) C:\Users\Jerry\Desktop\FRST.exe 2016-04-04 13:57 - 2016-04-04 13:57 - 06823393 _____ C:\Users\Jerry\Downloads\ccsetup516.zip 2016-04-04 12:43 - 2016-04-04 13:55 - 00000000 ____D C:\Users\Jerry\Desktop\frst 2016-04-04 12:25 - 2016-04-04 12:59 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\QuickScan 2016-04-04 11:25 - 2016-04-04 11:25 - 00000000 ____D C:\Program Files\ESET 2016-04-04 11:23 - 2016-04-04 11:25 - 00000000 ____D C:\Users\Jerry\Desktop\RGA 2016-04-04 11:23 - 2016-04-04 11:23 - 02870984 _____ (ESET) C:\Users\Jerry\Downloads\esetsmartinstaller_enu.exe 2016-04-04 11:20 - 2016-04-04 11:18 - 00897536 _____ C:\Users\Jerry\Downloads\RGSA.exe 2016-04-04 11:05 - 2016-04-04 11:05 - 00000931 _____ C:\Users\Jerry\Desktop\PySol Fan Club edition.lnk 2016-04-04 11:05 - 2016-04-04 11:05 - 00000000 ____D C:\Users\Jerry\Downloads\PySolFC_2.0_setup(1) 2016-04-04 11:05 - 2016-04-04 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PySol Fan Club edition 2016-04-04 11:05 - 2016-04-04 11:05 - 00000000 ____D C:\Program Files\PySol Fan Club edition 2016-04-04 10:10 - 2016-04-04 10:10 - 08918296 _____ C:\Users\Jerry\Downloads\PySolFC_2.0_setup(1).zip 2016-04-03 22:03 - 2016-04-03 22:25 - 00256186 _____ C:\Windows\ntbtlog.txt 2016-04-03 21:23 - 2016-04-04 14:56 - 00000000 ____D C:\FRST 2016-04-03 12:40 - 2016-04-03 12:40 - 01725440 _____ (Farbar) C:\Users\Jerry\Downloads\FRST.exe 2016-04-03 09:06 - 2016-04-03 13:14 - 00000000 ____D C:\Users\Jerry\Desktop\FRST READING 2016-04-02 23:37 - 2016-04-02 23:37 - 00000000 ____D C:\Users\Jerry\Downloads\HostsXpert 2016-04-02 23:14 - 2016-04-02 23:15 - 00186732 _____ C:\Users\Jerry\Documents\cc_20160402_231434.reg 2016-04-02 23:06 - 2016-04-03 22:45 - 00000000 ____D C:\Users\Jerry\Desktop\New folder 2016-04-02 21:49 - 2016-04-02 21:49 - 00001048 _____ C:\Users\Jerry\Desktop\Documents - Shortcut.lnk 2016-04-02 20:24 - 2016-04-02 20:24 - 00000000 ____D C:\Users\Jerry\AppData\Local\Macromedia 2016-04-02 20:23 - 2016-04-02 20:23 - 00000000 ____D C:\Users\Jerry\AppData\Local\Adobe 2016-04-02 18:32 - 2016-04-02 18:30 - 00166873 _____ C:\Users\Jerry\Documents\bookmarks-2016-04-02.json 2016-04-02 15:12 - 2016-04-02 15:12 - 00002084 _____ C:\Users\Jerry\Desktop\Microsoft Security Essentials.lnk 2016-04-02 15:07 - 2016-04-02 15:10 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\PySolFC 2016-04-02 14:25 - 2016-04-02 14:25 - 15625800 _____ C:\Users\Jerry\Downloads\mp68-win-mg2500-1_02-ejs.exe 2016-04-02 13:10 - 2016-04-02 13:32 - 00000148 _____ C:\Users\Jerry\Desktop\test.txt 2016-04-02 01:21 - 2016-04-02 01:21 - 00057560 _____ C:\Users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT 2016-04-02 01:20 - 2016-04-02 01:20 - 00266320 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-02 01:15 - 2016-04-02 01:15 - 03102720 _____ C:\Users\Jerry\Downloads\AdwCleaner.exe 2016-04-02 01:09 - 2016-04-02 01:10 - 01610352 _____ (Malwarebytes) C:\Users\Jerry\Downloads\JRT.exe 2016-04-02 00:35 - 2016-04-02 14:01 - 00000000 ____D C:\Users\Jerry\Desktop\Old Icons 2016-04-02 00:29 - 2016-04-02 00:29 - 00000000 ____D C:\Program Files\Common Files\AV 2016-04-02 00:24 - 2016-04-03 22:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-04-02 00:24 - 2016-04-02 00:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2016-04-02 00:24 - 2016-04-02 00:24 - 00002098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-04-02 00:24 - 2016-04-02 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-04-02 00:24 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2016-04-02 00:20 - 2016-04-03 22:04 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-04-02 00:19 - 2016-04-02 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-04-02 00:19 - 2016-04-02 00:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-04-02 00:19 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-04-02 00:19 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-04-02 00:19 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-04-02 00:17 - 2016-04-02 17:54 - 00000000 ____D C:\Program Files\SpywareBlaster 2016-04-02 00:17 - 2016-04-02 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2016-04-02 00:15 - 2016-04-02 00:15 - 06741155 _____ C:\Users\Jerry\Downloads\BleachBit-1.9.4-portable.zip 2016-04-02 00:06 - 2016-04-02 00:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jerry\Downloads\spybot-2.4.exe 2016-04-02 00:03 - 2016-04-02 00:03 - 22851472 _____ (Malwarebytes ) C:\Users\Jerry\Downloads\mbam-setup-2.2.1.1043.exe 2016-04-02 00:01 - 2016-04-02 00:01 - 04274096 _____ (BrightFort LLC ) C:\Users\Jerry\Downloads\spywareblastersetup54.exe 2016-04-02 00:00 - 2016-04-04 10:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-04-02 00:00 - 2016-04-02 00:00 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-01 23:05 - 2016-04-01 23:05 - 00133979 _____ C:\Users\Jerry\Downloads\hosts.zip 2016-04-01 22:50 - 2016-04-01 22:50 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups 2016-04-01 22:50 - 2016-04-01 22:50 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\abelhadigital.com 2016-04-01 22:50 - 2016-04-01 22:50 - 00000000 ____D C:\ProgramData\abelhadigital.com 2016-04-01 22:48 - 2016-04-01 22:49 - 03648663 _____ C:\Users\Jerry\Downloads\HostsMan_4.6.103.zip 2016-04-01 22:45 - 2016-04-01 22:45 - 00000000 ____D C:\Users\Jerry\AppData\Local\Apple 2016-04-01 22:27 - 2016-04-01 22:27 - 00000000 ____D C:\Users\Jerry\AppData\Local\Privatefirewall 2016-04-01 22:23 - 2016-04-01 22:23 - 00000146 _____ C:\Windows\ODBC.INI 2016-04-01 22:23 - 2016-04-01 22:23 - 00000000 ____D C:\ProgramData\Privacyware 2016-04-01 22:23 - 2016-04-01 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0 2016-04-01 22:23 - 2016-04-01 22:23 - 00000000 ____D C:\Program Files\Privacyware 2016-04-01 22:23 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys 2016-04-01 22:21 - 2016-04-01 21:51 - 00000839 _____ C:\Users\Jerry\Desktop\Downloads.lnk 2016-04-01 22:19 - 2016-04-01 22:19 - 03749640 _____ (PWI, Inc. ) C:\Users\Jerry\Downloads\privatefirewall.exe 2016-04-01 22:12 - 2016-04-02 11:58 - 00000000 ____D C:\Users\Jerry\AppData\Local\Mozilla 2016-04-01 22:12 - 2016-04-01 22:12 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Mozilla 2016-04-01 22:11 - 2016-04-01 22:11 - 00242128 _____ C:\Users\Jerry\Downloads\Firefox Setup Stub 45.0.1.exe 2016-04-01 21:56 - 2016-04-01 21:56 - 00000000 __SHD C:\Users\Jerry\AppData\LocalLow\EmieUserList 2016-04-01 21:56 - 2016-04-01 21:56 - 00000000 __SHD C:\Users\Jerry\AppData\LocalLow\EmieSiteList 2016-04-01 21:56 - 2016-04-01 21:56 - 00000000 __SHD C:\Users\Jerry\AppData\LocalLow\EmieBrowserModeList 2016-04-01 21:56 - 2016-04-01 21:56 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Macromedia 2016-04-01 21:53 - 2016-04-01 21:53 - 00000000 __SHD C:\Users\Jerry\AppData\Local\EmieUserList 2016-04-01 21:53 - 2016-04-01 21:53 - 00000000 __SHD C:\Users\Jerry\AppData\Local\EmieSiteList 2016-04-01 21:53 - 2016-04-01 21:53 - 00000000 __SHD C:\Users\Jerry\AppData\Local\EmieBrowserModeList 2016-04-01 21:52 - 2016-04-02 14:32 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Canon 2016-04-01 21:52 - 2016-04-01 21:52 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\AVAST Software 2016-04-01 21:51 - 2016-04-01 21:51 - 00000000 _SHDL C:\Users\Jerry\My Documents 2016-04-01 21:51 - 2016-04-01 21:51 - 00000000 _SHDL C:\Users\Jerry\Documents\My Videos 2016-04-01 21:51 - 2016-04-01 21:51 - 00000000 _SHDL C:\Users\Jerry\Documents\My Pictures 2016-04-01 21:51 - 2016-04-01 21:51 - 00000000 _SHDL C:\Users\Jerry\Documents\My Music 2016-04-01 21:51 - 2016-04-01 21:51 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Adobe 2016-04-01 21:51 - 2016-04-01 21:51 - 00000000 ____D C:\Users\Jerry 2016-04-01 21:51 - 2010-11-20 15:57 - 00001419 _____ C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-04-01 21:51 - 2010-11-20 15:57 - 00000020 ___SH C:\Users\Jerry\ntuser.ini ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-04 13:45 - 2010-11-20 16:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-04 13:45 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf 2016-04-04 13:44 - 2009-07-13 23:34 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-04 13:44 - 2009-07-13 23:34 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-04 13:37 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-03 13:13 - 2013-11-29 16:41 - 00000000 ____D C:\No Installers 2016-04-02 22:53 - 2009-07-13 21:04 - 00002577 _____ C:\Windows\system32\config.nt 2016-04-02 20:23 - 2013-12-04 18:34 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-04-02 20:23 - 2013-12-04 18:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-04-02 17:54 - 2013-11-29 17:03 - 00000000 ____D C:\ProgramData\TEMP 2016-04-02 14:35 - 2013-12-07 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2016-04-02 14:35 - 2013-12-07 00:56 - 00000000 ____D C:\Program Files\Canon 2016-04-01 23:50 - 2013-11-29 19:01 - 00000000 ____D C:\ProgramData\AVAST Software 2016-04-01 22:46 - 2014-12-15 22:08 - 00000000 ____D C:\ProgramData\Apple 2016-04-01 22:41 - 2014-03-02 15:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-04-01 22:40 - 2014-03-02 15:35 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-04-01 21:51 - 2009-07-13 23:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk Some files in TEMP: ==================== C:\Users\Jerry\AppData\Local\Temp\libeay32.dll C:\Users\Jerry\AppData\Local\Temp\msvcr120.dll C:\Users\Jerry\AppData\Local\Temp\sqlite3.dll C:\Users\Jerry\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-03 11:58 ==================== End of FRST.txt ============================ +++++++++++++++++++++++++++++++++++++++++++ ADDITION Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01 Ran by Jerry (2016-04-04 14:56:34) Running from C:\Users\Jerry\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2013-11-29 15:25:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-65508961-4115433561-4088024121-500 - Administrator - Disabled) Guest (S-1-5-21-65508961-4115433561-4088024121-501 - Limited - Disabled) Jerry (S-1-5-21-65508961-4115433561-4088024121-1001 - Administrator - Enabled) => C:\Users\Jerry ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated) Adobe Reader XI (11.0.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated) Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.) Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 2.0.0 - Canon Inc.) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Mozilla Firefox 45.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla) Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.) PySol Fan Club edition v.2.0 (HKLM\...\PySol Fan Club edition_is1) (Version: - ) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.5491 - Analog Devices) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2BBD65BE-ECBD-46E2-B9AE-7FB4201964CF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: {7C770A8D-09E2-4F60-B720-7473F422399E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-04-02 00:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-04-02 00:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2016-04-02 00:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-04-02 00:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2016-04-02 00:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-65508961-4115433561-4088024121-1001\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:04 - 2016-04-02 23:38 - 00506641 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 atlas.aamedia.ro 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 0.0.0.0 achmedia.com 0.0.0.0 csh.actiondesk.com 0.0.0.0 ads.activepower.net 0.0.0.0 app.activetrail.com 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie] 0.0.0.0 traffic.acwebconnecting.com 0.0.0.0 office.ad1.ru 0.0.0.0 cms.ad2click.nl 0.0.0.0 ad2games.com 0.0.0.0 ads.ad2games.com 0.0.0.0 content.ad20.net 0.0.0.0 core.ad20.net 0.0.0.0 banner.ad.nu There are 12009 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-65508961-4115433561-4088024121-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{1D97F61A-3386-4FE7-B565-509BF1248E92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 02-04-2016 12:57:25 New SetUp 04-04-2016 13:25:14 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/04/2016 02:55:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FRST.exe, version: 5.3.2016.1, time stamp: 0x56daf51f Faulting module name: FRST.exe, version: 5.3.2016.1, time stamp: 0x56daf51f Exception code: 0xc0000005 Fault offset: 0x000211de Faulting process id: 0xb20 Faulting application start time: 0xFRST.exe0 Faulting application path: FRST.exe1 Faulting module path: FRST.exe2 Report Id: FRST.exe3 Error: (04/04/2016 01:58:27 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/04/2016 01:37:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/04/2016 11:07:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/04/2016 10:53:46 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY) Description: LMS Service lost connection to HECI driver Error: (04/04/2016 10:12:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/04/2016 09:56:52 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2016 10:41:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2016 10:17:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/03/2016 10:14:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/04/2016 01:37:16 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume \\?\Volume{0ce04e5c-53b4-11e3-b110-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code. Error: (04/04/2016 11:07:19 AM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume \\?\Volume{0ce04e5c-53b4-11e3-b110-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code. Error: (04/04/2016 10:12:08 AM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume \\?\Volume{0ce04e5c-53b4-11e3-b110-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code. Error: (04/04/2016 09:56:24 AM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume \\?\Volume{0ce04e5c-53b4-11e3-b110-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code. Error: (04/03/2016 10:41:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053 Error: (04/03/2016 10:41:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. Error: (04/03/2016 10:40:38 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume \\?\Volume{0ce04e5c-53b4-11e3-b110-806e6f6e6963} encountered a non-retryable error and could not start. The data contains the error code. Error: (04/03/2016 10:16:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (04/03/2016 10:15:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (04/03/2016 10:15:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E6550 @ 2.33GHz Percentage of memory in use: 54% Total physical RAM: 2004.61 MB Available physical RAM: 914.05 MB Total Virtual: 8004.61 MB Available Virtual: 6151.25 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:149.02 GB) (Free:126.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 7270F4A3) Partition 1: (Active) - (Size=32 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  3. My avast antivirus keeps notifying me that a security certificate from cloudflaressl.com is being blocked. I don't know what to make of this, does anybody know what this is about? Thanks!