
I think I have some bugs! Sluggish computer etc.


8 replies to this topic

#1 mOtOrHeAd


Posted 18 January 2017 - 05:31 PM

Hello SWI!

 

Well, it has been almost exactly 2 years since I ran into this before: slow computer, screen hanging up, etc.

 

I read the "before you post" thread and have saved the required logs.

 

Big thanks in advance for any and all help!!

 

Malwarebytes:

 

malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/18/17
Scan Time: 3:15 PM
Logfile: SCAN 11817.txt
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1051
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262974
Time Elapsed: 7 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Farbar scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2017
Ran by Owner (administrator) on OWNER-PC (18-01-2017 15:39:41)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(Techinline Ltd.) C:\Program Files\Techinline\Remote Desktop\TiClientCoreLauncher.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe
HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\MountPoints2: {cec6d832-6569-11e3-b3b2-bcaec5b3794b} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\MountPoints2: {fb571409-22d6-11e6-b40d-bcaec5b3794b} - F:\TL_Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\{43F6A~1\1170~1.1\cesi.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-01-18]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-468847622-3825468100-367270768-1000] => 127.0.0.1:80
AutoConfigURL: [S-1-5-21-468847622-3825468100-367270768-1000] => 127.0.0.1:80
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F6436258-FA39-4239-A1E5-42A7B7E9E64B}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKU\S-1-5-21-468847622-3825468100-367270768-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-468847622-3825468100-367270768-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-468847622-3825468100-367270768-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-04] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-03] (Sun Microsystems, Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\egadaiqk.default-1479069439216 [2017-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-02-20]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2016-03-11] (PC Drivers HeadQuarters LP)
R2 FixMe.IT Process Launcher Service; C:\Program Files\Techinline\Remote Desktop\TiClientCoreLauncher.exe [518312 2016-09-23] (Techinline Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-04] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2016-12-14] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-13] (Atheros Communications, Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2017-01-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2017-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-18] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-01-18] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-15] ()
S3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2014-11-17] (LG Electronics Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1077760 2009-08-17] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 15:39 - 2017-01-18 15:40 - 00011385 _____ C:\Users\Owner\Downloads\FRST.txt
2017-01-18 15:37 - 2017-01-18 15:38 - 01761792 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2017-01-18 15:37 - 2017-01-18 15:37 - 02419712 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-01-18 15:34 - 2017-01-18 15:34 - 00001041 _____ C:\Users\Owner\Desktop\SCAN 11817.txt
2017-01-18 15:14 - 2017-01-18 15:15 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-18 15:13 - 2017-01-18 15:13 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-18 15:13 - 2017-01-18 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-18 15:13 - 2017-01-18 15:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-18 15:13 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-17 21:51 - 2017-01-17 21:51 - 00000346 _____ C:\Users\Owner\Desktop\Netgear Technical Support.txt
2017-01-17 20:16 - 2017-01-17 20:16 - 00001018 _____ C:\Users\Public\Desktop\FixMe.IT Client.lnk
2017-01-17 20:16 - 2017-01-17 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixMe.IT Client
2017-01-17 20:16 - 2017-01-17 20:16 - 00000000 ____D C:\Program Files\Techinline
2017-01-11 15:31 - 2017-01-05 11:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 15:31 - 2017-01-05 11:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 15:31 - 2017-01-05 11:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 15:31 - 2017-01-05 11:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 15:31 - 2017-01-05 11:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 15:31 - 2017-01-05 11:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 15:31 - 2017-01-05 11:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 15:31 - 2017-01-05 11:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 15:31 - 2017-01-05 11:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 15:31 - 2017-01-05 11:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 15:31 - 2017-01-05 11:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-20 18:14 - 2016-12-20 18:14 - 03842181 _____ C:\Users\Owner\Desktop\flying wing chem trail.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 15:39 - 2015-01-08 20:15 - 00000000 ____D C:\FRST
2017-01-18 15:32 - 2009-07-13 22:34 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-18 15:32 - 2009-07-13 22:34 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-18 15:19 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 15:19 - 2009-07-13 20:37 - 00000000 ___HD C:\Windows\tracing
2017-01-18 15:13 - 2015-01-30 16:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 19:54 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-13 18:39 - 2012-08-16 19:43 - 00000000 ____D C:\ProgramData\Skype
2017-01-12 03:04 - 2013-08-15 02:05 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 03:02 - 2011-03-03 12:21 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-05-03 09:16 - 2016-02-19 17:52 - 0000007 ___SH () C:\Users\Owner\AppData\Roaming\date
2014-05-03 09:16 - 2014-05-06 16:15 - 0000002 ___SH () C:\Users\Owner\AppData\Roaming\evf9
2014-12-04 20:38 - 2014-12-17 16:16 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2015-05-05 15:20 - 2015-07-02 23:50 - 0000188 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2012-06-13 15:37 - 2013-01-08 22:51 - 0009216 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-07 14:40 - 2015-05-07 14:40 - 0000001 _____ () C:\Users\Owner\AppData\Local\DSI.DAT
2015-05-07 14:40 - 2015-05-07 14:40 - 0022528 _____ () C:\Users\Owner\AppData\Local\dsisetup3368724271.exe
2015-07-24 21:55 - 2015-07-24 21:55 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-03-17 18:55 - 2014-03-17 18:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-10 15:03 - 2012-11-10 15:03 - 0000368 ____H () C:\ProgramData\nh265F7yJLaRrp
2012-11-10 14:48 - 2012-11-10 14:48 - 0000368 ____H () C:\ProgramData\NNBW9EtMNYwc5D

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-29 16:43

==================== End of FRST.txt ============================

 

FARBAR addition:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2017
Ran by Owner (18-01-2017 15:40:39)
Running from C:\Users\Owner\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2011-03-03 17:34:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-468847622-3825468100-367270768-500 - Administrator - Disabled)
Guest (S-1-5-21-468847622-3825468100-367270768-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-468847622-3825468100-367270768-1002 - Limited - Enabled)
Owner (S-1-5-21-468847622-3825468100-367270768-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM\...\{511CFE49-F318-4659-BC3F-73E9DBC3E2A8}) (Version: 2.0.11.138 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM\...\{800B3855-2646-4707-B915-BDCC28F03D63}) (Version: 3.0.45.413 - ArcSoft)
Avast Free Antivirus (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Axis & Allies (HKLM\...\{47836B39-2465-4F39-9D7E-52F70A1C3D72}) (Version: 1.00.000 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 2.27 - Piriform)
Driver Support (HKLM\...\DriverSupport) (Version: 10.0.1.24 - PC Drivers HeadQuarters LP) <==== ATTENTION
Driver Utilities (HKLM\...\{222D57F5-2912-4162-8F63-E7841082C45E}) (Version: 8.0.1 - Driver Utilities)
Dyno2000 Version 3.08 (HKLM\...\Dyno2000 Version 3.08) (Version:  - )
FeralHeart version 1.13 (HKLM\...\{EAD29228-1A50-4178-B1EA-E1D83FC691F0}_is1) (Version: 1.13 - Kovuworks)
FixMe.IT Client (HKLM\...\{6890D317-7872-42BD-9416-171D3821CDF5}) (Version: 4.3.1.12181 - Techinline Ltd.)
Free YouTube Downloader 4.1.591 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)
HP Button Manager (HKLM\...\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}) (Version: 3.5.00 - Hewlett-Packard)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{575A25F9-3018-46F6-AB97-552B52770877}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Webcam User's Guide (HKLM\...\{2028646C-E143-4DB1-AE19-AA31CA90E103}) (Version:  - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
iSkysoft Video Editor(Build 4.7.2) (HKLM\...\iSkysoft Video Editor_is1) (Version:  - iSkysoft Software)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
LG VZW United Drivers (HKLM\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{A6E08AC3-F00A-42B4-AF87-A30832769B23}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
ZillaTube 6.3.2 (HKLM\...\ZillaTube) (Version: 6.3.2 - ZillaTube)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0128954E-2037-4FC1-B270-E3D902685102} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {4901E9CB-79D4-4876-817F-1A585A096E6B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {53DE274A-1AB9-4365-BE85-107F2A4D6797} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6C79EA19-3C4F-40CB-A7A1-49CCFDD89646} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {853EC1AD-1160-493D-ABAD-63D96A91D38D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {9DCC18EC-7C00-4394-A6F7-2ABBAA4459E3} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A18D5B7D-D81F-4360-BA42-BFA6038451A2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC97DB67-5EED-4B38-9394-AF8AC81C553E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D2BF0764-6223-4CF3-817C-3FDE8B60C9E1} - System32\Tasks\SafeZone scheduled Autoupdate 1468972773 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {D5633F42-5020-4CD7-A88F-24EADAC05EE2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {E26AE050-AD51-41B3-AB40-EC3088100BD4} - System32\Tasks\{5B5BC81F-0845-4380-A769-E891364C9CFD} => pcalua.exe -a "C:\Users\Owner\Desktop\Irfanview 2.exe" -d C:\Users\Owner\Desktop
Task: {E7B69673-A4F5-42DC-9467-534823DBB25C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-22] (Adobe Systems Incorporated)
Task: {EC9492D5-8D29-42EC-8206-8F28CAD3434E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-30 17:26 - 2016-08-30 17:26 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-30 17:26 - 2016-08-30 17:26 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-18 15:20 - 2017-01-18 15:20 - 04368896 _____ () C:\Program Files\AVAST Software\Avast\defs\17011802\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-14 02:37 - 2016-07-14 02:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-01 19:38 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-01 19:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2017-01-18 15:13 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-18 15:13 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-18 15:13 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\techinline.net -> hxxps://*.techinline.net
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\techinline.net -> hxxps://*.techinline.net

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-468847622-3825468100-367270768-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BYRUA_AGENT => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC91A86C-8DFE-4568-B779-A9350412AFC8}] => C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{38718214-42E0-45DF-A09C-61F240B51B98}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{05C9C170-BF32-4D45-B94B-E75187BEB620}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22316B9B-AE5E-4FB8-AF67-1412F96FDAAD}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F453227D-AF98-44E7-8338-6634506A9BFF}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{00713C2D-E823-4465-878B-62FFD70567FF}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2A9DACF5-7352-46C6-A090-E75E98869DF5}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{4714273B-02B4-4346-9F7B-74FA334546D8}] => LPort=5357
FirewallRules: [{B78F4897-A833-4D6B-BC23-47DD01AC8A40}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DE7549DF-766B-4B4A-BDE0-593F53C2B2B9}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{37FCFFC9-23EB-4470-B7F1-F72C4A424E18}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{88BE2FC7-12E4-4323-9D78-C745910B6898}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7108333C-9922-4103-ABD8-B5841EB54BDF}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{201E44C9-BC39-4514-BE7D-E87CCB12BD72}] => C:\ZillaTube\ZillaTube.exe
FirewallRules: [{06156254-9E92-4674-8BB8-43E5B3B11E3F}] => C:\ZillaTube\ZillaTube.exe
FirewallRules: [{829C07DF-ECE9-4E31-B50B-84FE4D2E7BF6}] => C:\ZillaTube\ZillaTube.exe
FirewallRules: [{698C60A8-B4C6-4697-92F6-7B7ECBC5F7DA}] => C:\ZillaTube\ZillaTube.exe

==================== Restore Points =========================

23-09-2016 21:12:46 Windows Update
19-10-2016 20:32:30 Windows Update
04-11-2016 15:36:15 Windows Update
13-11-2016 03:00:34 Windows Update
15-12-2016 03:00:29 Windows Update
12-01-2017 03:00:30 Windows Update
17-01-2017 20:16:29 Installed FixMe.IT Client

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2017 07:57:07 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C85BD811-2424-4DCC-B57A-8E25085CBCD2}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (01/17/2017 07:56:37 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={960829E9-D0AF-43EF-A6E8-02F878B4E1E5}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (01/17/2017 07:56:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={1443BBEC-C005-4B3B-966D-7FCE1F81C0D1}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (01/17/2017 06:48:36 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F2323E79-598D-441A-B26F-003072CC91A2}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (01/17/2017 06:47:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5FB09BC8-4881-47E6-A8FC-82EE2436330A}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (01/13/2017 06:38:30 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

Error: (12/26/2016 01:15:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9329

Error: (12/26/2016 01:15:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9329

Error: (12/26/2016 01:15:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/26/2016 01:15:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5351


System errors:
=============
Error: (01/17/2017 09:36:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The FixMe.IT Client Service:cb822bc0-c30e-4891-9832-3e4212885b90 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/17/2017 08:17:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The FixMe.IT Client Service:1df0bbb0-1fea-4f9e-ac70-4c8db325122f service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/13/2017 06:36:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (01/12/2017 03:20:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (01/12/2017 03:00:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (01/06/2017 05:47:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (12/26/2016 12:28:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/26/2016 12:14:37 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/26/2016 12:11:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (12/24/2016 09:06:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.


CodeIntegrity:
===================================
  Date: 2016-08-21 18:55:40.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-21 18:55:39.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 03:23:21.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-12 03:23:20.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 11:05:34.691
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-11 11:05:34.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 20:15:13.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 20:15:13.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-04 20:11:44.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-04 20:11:44.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 77%
Total physical RAM: 2038.18 MB
Available physical RAM: 462.12 MB
Total Virtual: 4076.36 MB
Available Virtual: 2264.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:375.71 GB) NTFS
Drive e: () (Fixed) (Total:70.29 GB) (Free:41.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E442F48)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=70.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.2 GB) - (Type=DB)

==================== End of Addition.txt ============================

 

ROCKET GRANNIE:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 18th January, 2017
Running from:C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80TS4L1T (16:08:40 - 01/18/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X86 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - Up to Date)
Malwarebytes (Enabled - Up to Date)
Malwarebytes (Enabled - Up to Date)
Windows Defender (Disabled - Up to Date)
Avast Antivirus (Enabled - Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 24 NPAPI (version 21.0.0.242) is *out of Date*

CCleaner (version 2.27) is *out of Date*
Firefox (version 35.0) is *out of Date*
Java™ 6 Update 20 (version 6.0.200) is *out of Date*

***----------------Analysis Complete-------------------------***


Edited by mOtOrHeAd, 18 January 2017 - 05:46 PM.


#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,530 posts

Posted 21 January 2017 - 06:26 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,165 posts

Posted 21 January 2017 - 07:51 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Driver Support (HKLM\...\DriverSupport) (Version: 10.0.1.24 - PC Drivers HeadQuarters LP) <==== ATTENTION
----

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
AppInit_DLLs: C:\PROGRA~2\{43F6A~1\1170~1.1\cesi.dll => No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2016-03-11] (PC Drivers HeadQuarters LP)
Task: {0128954E-2037-4FC1-B270-E3D902685102} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {853EC1AD-1160-493D-ABAD-63D96A91D38D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9DCC18EC-7C00-4394-A6F7-2ABBAA4459E3} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A18D5B7D-D81F-4360-BA42-BFA6038451A2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC97DB67-5EED-4B38-9394-AF8AC81C553E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {EC9492D5-8D29-42EC-8206-8F28CAD3434E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
2016-03-01 19:38 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-01 19:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxps://apps.driversupport.com
C:\Program Files\Veloxum

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

ADOBE READER
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/

==============

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882

If still present after the updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Java 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
===

Please post the Fixlog.txt and let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 mOtOrHeAd

mOtOrHeAd

    Member

  • Full Member
  • 27 posts

Posted 22 January 2017 - 09:37 PM

Thanks NASDAQ, I appreciate the help!!

 

 

Ok, I ran everything and here is the updated log. I also uninstalled some old Adobe versions successfully. The only one that will not uninstall is the Java 6 Update 20; I tried a couple of times, but a pop-up that says, "Do you want to update software?" comes up instead; I click no. Not sure on that. What do you think?

 

Also, as a side note, my Netgear wireless router (wndr-3400v2) will not connect to my computer. I have to bypass it to get online. If I have it plugged in there is no access to the internet. What's weird is I disconnected it to move it, reconnected it, and now it will not work. It's on but the internet won't get past to the modem.

 

 

Thanks again!

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-01-2017
Ran by Owner (22-01-2017 19:00:34) Run:2
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
AppInit_DLLs: C:\PROGRA~2\{43F6A~1\1170~1.1\cesi.dll => No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2016-03-11] (PC Drivers HeadQuarters LP)
Task: {0128954E-2037-4FC1-B270-E3D902685102} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {853EC1AD-1160-493D-ABAD-63D96A91D38D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9DCC18EC-7C00-4394-A6F7-2ABBAA4459E3} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A18D5B7D-D81F-4360-BA42-BFA6038451A2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC97DB67-5EED-4B38-9394-AF8AC81C553E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {EC9492D5-8D29-42EC-8206-8F28CAD3434E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
2016-03-01 19:38 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-01 19:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxps://apps.driversupport.com
C:\Program Files\Veloxum

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe => No running process found
C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe => No running process found
"C:\PROGRA~2\{43F6A~1\1170~1.1\cesi.dll" => Value data removed successfully..
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key removed successfully.
HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} => key removed successfully.
HKCR\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} => key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key removed successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully.
DSAO => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0128954E-2037-4FC1-B270-E3D902685102} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0128954E-2037-4FC1-B270-E3D902685102} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B184694-64C3-4633-94C5-945B3FA561D6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B184694-64C3-4633-94C5-945B3FA561D6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{853EC1AD-1160-493D-ABAD-63D96A91D38D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{853EC1AD-1160-493D-ABAD-63D96A91D38D} => key removed successfully.
C:\Windows\System32\Tasks\Driver Support => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DCC18EC-7C00-4394-A6F7-2ABBAA4459E3} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DCC18EC-7C00-4394-A6F7-2ABBAA4459E3} => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMScan => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScan => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F54B95F-5096-4803-AE61-E9B3AC5B616D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F54B95F-5096-4803-AE61-E9B3AC5B616D} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A18D5B7D-D81F-4360-BA42-BFA6038451A2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A18D5B7D-D81F-4360-BA42-BFA6038451A2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC97DB67-5EED-4B38-9394-AF8AC81C553E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC97DB67-5EED-4B38-9394-AF8AC81C553E} => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMRules => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D21F6024-191F-4454-BBBC-09A650DA2549} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D21F6024-191F-4454-BBBC-09A650DA2549} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC9492D5-8D29-42EC-8206-8F28CAD3434E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC9492D5-8D29-42EC-8206-8F28CAD3434E} => key removed successfully.
C:\Windows\System32\Tasks\Driver Support-RTMUpdater => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMUpdater => key removed successfully.
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll => moved successfully
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll => moved successfully
HKU\S-1-5-21-468847622-3825468100-367270768-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key removed successfully.
HKU\S-1-5-21-468847622-3825468100-367270768-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driversupport.com => key not found.
"C:\Program Files\Veloxum" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 4194304 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48230997 B
Java, Flash, Steam htmlcache => 873 B
Windows/system/drivers => 148021893 B
Edge => 0 B
Chrome => 9418881 B
Firefox => 9715109 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 38991346 B
LocalService => 132244 B
NetworkService => 1154278 B
Owner => 404695495 B

RecycleBin => 0 B
EmptyTemp: => 633.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:02:27 ====


Edited by mOtOrHeAd, 22 January 2017 - 10:07 PM.


#5 nasdaq


Posted 23 January 2017 - 07:58 AM


Open Notepad.
Copy and paste the following in the text box.

msiexec.exe /x {26A24AE4-039D-4CA4-87B4-2F83216020FF} /qn

Save the file as RemoveJava.bat on your Desktop.

Click the file to run it.

Let it finish.

---

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/...t-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit...rg/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsuppo...belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/...ss-secure_.html


If this fails to restore your router check with your Internet Provider.
Have them test the router, it may be faulty.

Keep me posted.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
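
The `/qn` switch in the batch file in the post above makes msiexec run with no user interface, so success and failure look the same on screen. As an added example (not part of the original post), this PowerShell script checks for the uninstall entry, runs the same removal with a verbose log, and reports the exit code; the log path is an assumption, and it needs an elevated prompt.

```powershell
# Added example: product code taken from the post above; log path is an assumption.
$ProductCode = '{26A24AE4-039D-4CA4-87B4-2F83216020FF}'
$LogPath     = Join-Path $env:TEMP 'RemoveJava.log'   # assumed location

# Uninstall entries live under these keys (the second exists only on 64-bit Windows).
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallEntry {
    param([string]$Code)
    foreach ($root in $UninstallRoots) {
        $key = Join-Path $root $Code
        if (Test-Path -LiteralPath $key) {
            Get-ItemProperty -LiteralPath $key
        }
    }
}

$entry = Get-UninstallEntry -Code $ProductCode
if (-not $entry) {
    Write-Output "No uninstall entry for $ProductCode; nothing to remove."
    return
}
Write-Output "Found: $($entry.DisplayName) $($entry.DisplayVersion)"

# Same command as the batch file, plus /L*v so a silent run still leaves a verbose log.
$msiArgs = @('/x', $ProductCode, '/qn', '/norestart', '/L*v', "`"$LogPath`"")
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# Map the Windows Installer exit code to a readable result.
switch ($proc.ExitCode) {
    0       { 'Uninstall succeeded.' }
    3010    { 'Uninstall succeeded; a reboot is required.' }
    1605    { "Windows Installer does not know this product (stale entry); see $LogPath" }
    default { "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
}
```

Exit code 1605 with the entry still listed means the Add/Remove Programs item no longer points at an installed product.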

#6 mOtOrHeAd


Posted 24 January 2017 - 12:36 AM

Thank you!

 

  I ran the RemoveJava.bat but the Java 6 update 20 is still there. When I would click on the link the computer would start to work but I never saw any pop ups or the like telling me anything even after a couple hours, I ran it a couple times; did I miss something?

 

I'm still messing with the router.

 

Thanks for your efforts!



#7 nasdaq


Posted 24 January 2017 - 08:13 AM

Forget about the Java entry. It's a dead link.
nasdaq


#8 mOtOrHeAd


Posted 28 January 2017 - 12:21 AM

Ok!

 

Thanks for the links, I'm back in business! I had to totally reset the router and go from there.

 

Plus, the computer is a lot faster on messing with programs as well as the internet. If there is anything else I need to do I'm all ears!

 

 

Thanks for your time and efforts NASDAQ, you've helped me before and I appreciate it!!



#9 nasdaq


Posted 28 January 2017 - 08:49 AM

Glad we could help.



If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingc...best-practices/

===
nasdaq




