Computer infected with a Trojan


9 replies to this topic

#1 Pdwilli3 (Full Member, 29 posts)

Posted 27 January 2017 - 09:13 AM

I downloaded a file infected with a trojan. My Avast Antivirus scanned it and cleared it before I could abort the opening of the file.

Microsoft Firewall alerted that "windows/SYSWOW64/explorer.exe" was trying to access an external website. That access was blocked.

I immediately downloaded, installed, and ran Malwarebytes. The trial-period real-time protection blocked a couple of attempts to connect. It found a file and automatically quarantined it, but the program keeps stalling and hasn't successfully completed a full scan. I've also tried running Malwarebytes in Safe Mode, and it causes the computer to shut off after about 30 seconds of scanning.

At one point, I got a notice on my desktop that said, "Windows 7 Build 7601. This copy of Windows is not genuine." This has since disappeared.

I've turned off my wireless so I'm not actively connecting to the internet.

My next step was going to be to run RKill and then try Malwarebytes again to get a completed scan, unless there is a better way.



#2 nasdaq (Global Moderator, 49,159 posts)

Posted 27 January 2017 - 01:37 PM

Hello, welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file:
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===

Please post the logs for my review.

Wait for further instructions.


p.s.
We are expecting a firmware update today or early next week.

If the forum is down, give it a few hours before you try to post a reply.
nasdaq

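As an added example (not part of nasdaq's reply and not code from the FRST tool), here is a short Python triage script for the kind of "Registry (Whitelisted)" lines FRST writes to FRST.txt. It lists the entries a helper normally reads first: lines FRST itself marks "<======= ATTENTION", orphaned entries ("[X]" or "No File"), autostarts whose executable has no publisher in its version info (the empty "()" field), autostarts with no size/date/publisher metadata on the line at all, and autostarts running from user-writable folders such as AppData. The sample lines below are constructed for this example, and the regular expressions are assumptions about FRST's line layout rather than a specification. A hit is a prompt to look closer, not a verdict: legitimate software (cloud-sync clients, for instance) also starts from AppData, and an empty publisher field only means the file carries no company name.

```python
"""Triage helper for FRST "Registry (Whitelisted)" log lines (added example).

Constructed sample data; the regexes are assumptions about FRST's line layout.
"""
import re

# Constructed sample, modelled on the FRST line layout (not output from a real scan).
SAMPLE_LOG = r"""
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-1\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1 - (No Name) - {11111111-2222-3333-4444-555555555555} - No File
HKU\S-1-5-21-1\...\Run: [Updater] => C:\Users\Example\AppData\Roaming\Updater\updater.exe [45056 2017-01-26] ()
"""

ATTENTION = "<======= ATTENTION"

# "<hive>\...\Run: [<name>] => <rest>"  (assumed FRST layout for Run-key entries)
RUN_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
# "<path> [<size> <yyyy-mm-dd>] (<publisher>)"  with publisher possibly empty
META_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\)$"
)
# Folders an unprivileged user can write to; a heuristic, not proof of anything.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp)\\", re.IGNORECASE)


def parse_run_entry(line):
    """Return (hive, name, path, vendor) for a Run-key line, or None if it is not one.

    path is None for "[X]" (target gone); vendor is None when the line carries
    no size/date/publisher metadata, and "" when the publisher field is empty.
    """
    m = RUN_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if rest == "[X]":
        return (m.group("hive"), m.group("name"), None, None)
    meta = META_RE.match(rest)
    if meta:
        return (m.group("hive"), m.group("name"), meta.group("path"), meta.group("vendor"))
    return (m.group("hive"), m.group("name"), rest.strip('"'), None)


def triage_line(line):
    """Return the reasons this line deserves a first look (empty list = skip)."""
    reasons = []
    if ATTENTION in line:
        reasons.append("flagged by FRST")
    if line.rstrip().endswith("[X]") or "No File" in line:
        reasons.append("orphaned entry (target missing)")
    entry = parse_run_entry(line)
    if entry and entry[2]:
        _, _, path, vendor = entry
        if vendor == "":
            reasons.append("no publisher in file version info")
        elif vendor is None:
            reasons.append("no file metadata on the line (check that the target exists)")
        if USER_WRITABLE.search(path):
            reasons.append("autostart from user-writable folder")
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons, keeping log order."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(f"{'; '.join(why)}\n    {flagged}")
```

Run it against a real FRST.txt by reading the file and passing its text to `triage()`; the output is a shortlist to cross-check against the process list and the Addition.txt hosts section, not a fix list.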

#3 Pdwilli3 (Full Member, 29 posts)

Posted 27 January 2017 - 03:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Patrick (administrator) on LAPTOP_NEW (27-01-2017 13:42:59)
Running from C:\Users\Patrick\Desktop\Farbar
Loaded Profiles: Patrick &  (Available Profiles: Patrick & Teresa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(PixArt Imaging Incorporation) C:\windows\PixArt\Pac207\Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [Monitor] => C:\windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192803631\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192803631\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192909263\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192909263\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7067048 2015-12-02] (Piriform Ltd)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\MountPoints2: {1bbff889-be01-11e1-9571-18037380aad3} - E:\iStudio.exe
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\MountPoints2: {21eae965-dcfd-11e2-98da-18037380aad3} - E:\win\setup.exe -phs
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\...\MountPoints2: {c73ef8c2-a1b7-11e2-9736-18037380aad3} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7067048 2015-12-02] (Piriform Ltd)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\MountPoints2: {1bbff889-be01-11e1-9571-18037380aad3} - E:\iStudio.exe
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\MountPoints2: {21eae965-dcfd-11e2-98da-18037380aad3} - E:\win\setup.exe -phs
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\...\MountPoints2: {c73ef8c2-a1b7-11e2-9736-18037380aad3} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [TivoTransfer] => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [TivoServer] => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [TivoNotify] => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [Speccy] => C:\Program Files\Speccy\Speccy64.exe [7067048 2015-12-02] (Piriform Ltd)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [HP OfficeJet Pro 8710 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\MountPoints2: {1bbff889-be01-11e1-9571-18037380aad3} - E:\iStudio.exe
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\MountPoints2: {21eae965-dcfd-11e2-98da-18037380aad3} - E:\win\setup.exe -phs
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\...\MountPoints2: {c73ef8c2-a1b7-11e2-9736-18037380aad3} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-29] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2011-11-20]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2011-11-20]
ShortcutTarget: Billminder.lnk -> C:\QUICKENW\BILLMIND.EXE (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2014-01-22]
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{53254693-346A-4842-B9B8-0A4DBE6C1CF8}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{A94CFB69-2622-400C-845C-4C981D45D8B7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BCF96A91-8336-4102-A324-8184BD80DE1D}: [DhcpNameServer] 77.234.40.79

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://my.yahoo.com/
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://my.yahoo.com/
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://my.yahoo.com/
HKU\S-1-5-21-115433789-2630429241-2204408760-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192809696\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-115433789-2630429241-2204408760-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192920957\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> DefaultScope {FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> {4B8AD0AB-2878-4F41-A5BD-7E22080A8A98} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> {FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 -> DefaultScope {FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 -> {4B8AD0AB-2878-4F41-A5BD-7E22080A8A98} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 -> {FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 -> DefaultScope {FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 -> {4B8AD0AB-2878-4F41-A5BD-7E22080A8A98} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 -> {FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192809696 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192920957 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {05478A66-EDB6-4A22-A870-A5987F80A7DA} -> No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default [2017-01-26]
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\user.js [2016-01-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xjibm5rm.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\xjibm5rm.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\xjibm5rm.default -> hxxp://us.yhs4.search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\xjibm5rm.default -> Yahoo! (Avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xjibm5rm.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\xjibm5rm.default -> hxxps://my.yahoo.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\xjibm5rm.default -> hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Extension: (Logitech Device Detection) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\Extensions\DeviceDetection@logitech.com [2011-11-18] [not signed]
FF Extension: (MinimizeToTray revived (MinTrayR)) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\Extensions\mintrayr@tn123.ath.cx [2016-08-07]
FF Extension: (Garmin Communicator) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-02-21] [not signed]
FF Extension: (NoScript) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-17]
FF Extension: (Adblock Plus) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo-avast.xml [2014-06-05]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo_ff.xml [2015-11-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2011-11-17] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-115433789-2630429241-2204408760-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll [2011-11-17] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012-10-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.my.yahoo.com/
CHR StartupUrls: Default -> "hxxps://my.yahoo.com/#"
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default [2017-01-23]
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Avast Online Security) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-12-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-23]
CHR Extension: (Avast SafePrice) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Gmail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-29] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-02-05] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-02-05] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-02-05] (BlueStack Systems, Inc.)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1919472 2016-12-15] (Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService.exe [217088 2010-08-10] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-08-29] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-08-29] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-08-29] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-29] (AVAST Software)
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-08-29] (AVAST Software)
S3 aswTap; C:\windows\System32\DRIVERS\aswTap.sys [44640 2014-07-10] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-02-05] (BlueStack Systems)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 libusb0; C:\windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-25] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\drivers\farflt.sys [102856 2017-01-27] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [43968 2017-01-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-27] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [81696 2017-01-27] (Malwarebytes)
S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]
R3 NETGEARUHOST; C:\windows\System32\DRIVERS\NETGEARUHOST.sys [16384 2007-03-08] (SerComm)
R3 NETGEARUHUB; C:\windows\System32\DRIVERS\NETGEARUHUB.sys [40960 2007-03-08] (SerComm)
S3 PAC207; C:\windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 vtcdrv; C:\windows\System32\DRIVERS\vtcdrv.sys [25088 2010-05-07] (Windows ® Win 7 DDK provider)
S3 vuhub; C:\windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
S3 WinRing0_1_2_0; C:\Users\Patrick\Downloads\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
R3 WirelessKeyboardFilter; C:\windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-27 13:42 - 2017-01-27 13:42 - 00000000 ____D C:\FRST
2017-01-27 13:40 - 2017-01-27 13:42 - 00000000 ____D C:\Users\Patrick\Desktop\Farbar
2017-01-27 13:39 - 2017-01-27 13:39 - 00000000 ____D C:\Users\Patrick\Desktop\Antivirus
2017-01-26 06:37 - 2017-01-26 05:01 - 00082936 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2017-01-26 05:55 - 2017-01-26 19:07 - 00452408 _____ C:\windows\ntbtlog.txt
2017-01-25 06:34 - 2017-01-25 06:34 - 00176064 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-01-25 06:33 - 2017-01-27 13:37 - 00102856 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-01-25 06:33 - 2017-01-27 13:36 - 00250816 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-25 06:33 - 2017-01-27 13:36 - 00081696 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-01-25 06:33 - 2017-01-27 13:36 - 00043968 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-01-25 06:33 - 2017-01-25 06:33 - 00001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-25 06:33 - 2017-01-25 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-25 06:33 - 2016-12-14 12:55 - 00077416 _____ C:\windows\system32\Drivers\mbae64.sys
2017-01-25 06:32 - 2017-01-25 06:32 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-25 06:30 - 2017-01-25 06:31 - 54199488 _____ (Malwarebytes ) C:\Users\Patrick\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-25 06:22 - 2017-01-25 06:22 - 00936976 _____ C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_ge.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 00253456 _____ C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_sf.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 00245264 _____ C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_el.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 00047120 _____ C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_ftp.dat
2017-01-25 06:16 - 2017-01-25 06:16 - 00232464 _____ C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_br.dat
2017-01-25 06:09 - 2017-01-26 05:53 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\tor
2017-01-23 14:14 - 2017-01-23 14:14 - 51152168 _____ C:\Users\Patrick\AppData\Roaming\Cheating wife on real hidden cam.avi
2017-01-23 14:14 - 2017-01-23 14:14 - 02699264 _____ (Telerik) C:\Users\Patrick\AppData\Roaming\redactors.exe
2017-01-23 14:14 - 2017-01-23 14:14 - 00000000 ____D C:\windows\System32\Tasks\Update
2017-01-18 20:58 - 2017-01-18 20:58 - 02380273 _____ C:\Users\Patrick\Desktop\Circle Clock v3.apk
2017-01-17 20:50 - 2017-01-17 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-15 18:30 - 2011-06-11 04:23 - 10578246 _____ C:\Users\Patrick\Desktop\HDV_0134.MP4
2017-01-15 18:30 - 2011-06-11 04:23 - 07266564 _____ C:\Users\Patrick\Desktop\HDV_0135.MP4
2017-01-15 18:30 - 2011-06-11 04:23 - 05972616 _____ C:\Users\Patrick\Desktop\HDV_0137.MP4
2017-01-15 18:30 - 2011-06-11 04:23 - 03510897 _____ C:\Users\Patrick\Desktop\HDV_0136.MP4
2017-01-15 18:30 - 2011-06-11 04:22 - 31822547 _____ C:\Users\Patrick\Desktop\HDV_0132.MP4
2017-01-15 18:30 - 2011-06-11 04:22 - 04172369 _____ C:\Users\Patrick\Desktop\HDV_0133.MP4
2017-01-15 18:30 - 2011-06-11 04:21 - 02853307 _____ C:\Users\Patrick\Desktop\HDV_0131.MP4
2017-01-15 18:30 - 2011-06-11 04:03 - 02554984 _____ C:\Users\Patrick\Desktop\HDV_0130.MP4
2017-01-11 00:39 - 2017-01-05 12:55 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-01-11 00:39 - 2017-01-05 12:55 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-01-11 00:39 - 2017-01-05 12:52 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-01-11 00:39 - 2017-01-05 12:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-01-11 00:39 - 2017-01-05 11:43 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-01-11 00:39 - 2017-01-05 11:42 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-01-11 00:39 - 2017-01-05 11:32 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-01-11 00:39 - 2017-01-05 11:25 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-01-11 00:39 - 2017-01-05 11:24 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-01-11 00:39 - 2017-01-05 11:24 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-01-11 00:39 - 2017-01-05 11:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-01-11 00:39 - 2017-01-05 11:23 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-01-11 00:39 - 2017-01-05 11:19 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-01-07 19:11 - 2017-01-07 19:11 - 00100474 _____ C:\Users\Patrick\Desktop\PHOP_Treasury_Report_1-8-17.pdf
2017-01-07 19:11 - 2017-01-07 19:11 - 00010687 _____ C:\Users\Patrick\Desktop\PHOP_Treasury_Report_1-8-17.xlsx
2017-01-07 18:54 - 2017-01-07 19:05 - 00100474 _____ C:\Users\Patrick\Desktop\PHOP_Treasury_Report_1-7-17.pdf
2017-01-07 18:44 - 2017-01-07 19:10 - 00010689 _____ C:\Users\Patrick\Desktop\PHOP_Treasury_Report_1-7-17.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-27 13:43 - 2009-07-13 23:13 - 00796934 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-27 13:43 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2017-01-27 13:17 - 2012-07-08 09:14 - 00004180 _____ C:\windows\System32\Tasks\avast! Emergency Update
2017-01-27 11:02 - 2013-05-21 13:10 - 00003440 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2017-01-26 19:26 - 2009-07-13 22:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-26 19:26 - 2009-07-13 22:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-26 19:24 - 2011-12-11 13:14 - 00000000 ____D C:\Users\Patrick\Documents\My eBooks
2017-01-26 19:19 - 2016-02-21 07:32 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-01-26 19:15 - 2011-11-16 20:49 - 00000000 ____D C:\Temp
2017-01-26 19:13 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-26 14:44 - 2016-01-22 10:51 - 04174134 _____ C:\Users\Patrick\Downloads\motochopper.zip
2017-01-26 14:00 - 2016-11-19 06:17 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Mozilla
2017-01-26 06:28 - 2011-09-03 04:36 - 00000000 ____D C:\ProgramData\Sonic
2017-01-25 20:24 - 2011-11-20 19:02 - 00000000 ____D C:\QUICKENW
2017-01-25 14:23 - 2011-11-17 06:22 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Azureus
2017-01-25 13:56 - 2011-11-17 13:01 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc
2017-01-25 13:49 - 2011-11-17 12:23 - 00000000 ____D C:\Users\Patrick\Documents\Vuze Downloads
2017-01-25 06:32 - 2012-09-10 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-21 20:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2017-01-19 22:05 - 2015-06-14 17:28 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-19 22:05 - 2013-11-12 05:50 - 00000000 ____D C:\ProgramData\Oracle
2017-01-19 22:05 - 2013-11-12 05:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-19 22:03 - 2015-06-14 17:29 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-19 22:01 - 2014-12-16 07:19 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-01-19 22:01 - 2014-12-16 07:19 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-19 22:01 - 2014-06-17 05:22 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe
2017-01-19 22:01 - 2011-11-17 21:08 - 00000000 ____D C:\windows\system32\Macromed
2017-01-19 22:01 - 2011-09-03 04:08 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-01-19 20:06 - 2015-11-25 06:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 20:52 - 2015-06-28 14:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-17 20:51 - 2015-06-28 14:17 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-17 20:50 - 2015-06-28 14:17 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2017-01-13 17:07 - 2011-09-03 04:44 - 00000000 ____D C:\ProgramData\Skype
2017-01-12 17:45 - 2014-12-29 06:32 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 04:21 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2017-01-11 03:09 - 2013-08-03 02:00 - 00000000 ____D C:\windows\system32\MRT
2017-01-11 03:01 - 2011-11-17 06:06 - 135657872 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-01-08 01:01 - 2011-11-22 18:43 - 00000000 ____D C:\Users\Patrick\AppData\Local\ElevatedDiagnostics
2016-12-30 19:12 - 2016-11-24 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-30 19:12 - 2012-04-26 04:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2017-01-23 14:14 - 2017-01-23 14:14 - 51152168 _____ () C:\Users\Patrick\AppData\Roaming\Cheating wife on real hidden cam.avi
2017-01-25 06:16 - 2017-01-25 06:16 - 0232464 _____ () C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_br.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 0245264 _____ () C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_el.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 0047120 _____ () C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_ftp.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 0936976 _____ () C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_ge.dat
2017-01-25 06:22 - 2017-01-25 06:22 - 0253456 _____ () C:\Users\Patrick\AppData\Roaming\qmhpwkmicx_sf.dat
2017-01-23 14:14 - 2017-01-23 14:14 - 2699264 _____ (Telerik) C:\Users\Patrick\AppData\Roaming\redactors.exe
2012-12-21 20:04 - 2015-12-24 08:48 - 0006656 _____ () C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-10 17:31 - 2015-02-16 13:45 - 0007597 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg
2012-05-30 19:05 - 2012-05-30 19:05 - 0000000 _____ () C:\Users\Patrick\AppData\Local\rx_image32.Cache
2014-12-22 21:36 - 2014-12-22 21:36 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-11-17 23:54 - 2011-11-17 23:54 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-01-05 13:55 - 2012-01-05 13:59 - 0000827 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Patrick\CTX.DAT


Some files in TEMP:
====================
2016-12-16 15:04 - 2016-12-01 09:31 - 0050720 _____ (HP Inc.) C:\Users\Patrick\AppData\Local\Temp\ACLMInstaller.exe
2017-01-26 19:16 - 2017-01-26 19:16 - 0041984 _____ () C:\Users\Patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0tev7z.dll
2016-12-18 01:01 - 2016-12-18 01:01 - 0003584 _____ () C:\Users\Patrick\AppData\Local\Temp\fgeggoqq.dll
2017-01-17 20:42 - 2017-01-17 20:42 - 49878168 _____ (Garmin Ltd or its subsidiaries) C:\Users\Patrick\AppData\Local\Temp\GarminExpressInstaller.exe
2016-09-02 13:00 - 2017-01-25 14:23 - 0035680 _____ () C:\Users\Patrick\AppData\Local\Temp\i4jdel0.exe
2016-09-10 20:21 - 2017-01-25 06:52 - 0035680 _____ () C:\Users\Patrick\AppData\Local\Temp\i4jdel1.exe
2016-11-17 06:08 - 2017-01-10 07:06 - 0035680 _____ () C:\Users\Patrick\AppData\Local\Temp\i4jdel2.exe
2016-10-19 04:49 - 2016-10-19 04:49 - 0737856 _____ (Oracle Corporation) C:\Users\Patrick\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 22:01 - 2017-01-19 22:02 - 0739904 _____ (Oracle Corporation) C:\Users\Patrick\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-09-20 19:17 - 2016-09-20 19:18 - 0008192 _____ () C:\Users\Patrick\AppData\Local\Temp\oyzds-sp.dll
2007-04-05 15:39 - 2007-04-05 15:39 - 0455600 ____R (Macrovision Corporation) C:\Users\Patrick\AppData\Local\Temp\_is1625.exe
2016-12-08 12:21 - 2016-12-08 12:21 - 13983608 _____ (Google Inc.) C:\Users\Patrick\AppData\Local\Temp\{39D9FD55-3162-4C66-8272-25705C6A6F04}-55.0.2883.87_54.0.2840.99_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-23 00:42

==================== End of FRST.txt ============================



#4 nasdaq (Forum Deity, Global Moderator, 49,159 posts)

Posted 28 January 2017 - 08:41 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: No Name -> {05478A66-EDB6-4A22-A870-A5987F80A7DA} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\user.js [2016-01-08]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo-avast.xml [2014-06-05]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo_ff.xml [2015-11-22]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-01]
CHR Extension: (Avast Online Security) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

Please include the Addition.txt log that was created by the Farbar tool. I need to review it.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 Pdwilli3 (Member, Full Member, 29 posts)

Posted 28 January 2017 - 11:49 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Patrick (28-01-2017 09:07:09) Run:1
Running from C:\Users\Patrick\Desktop\Farbar
Loaded Profiles: Patrick &  (Available Profiles: Patrick & Teresa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\Main,Start Page =
hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
URLSearchHook: HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes:
HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-115433789-2630429241-2204408760-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: No Name -> {05478A66-EDB6-4A22-A870-A5987F80A7DA} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\user.js [2016-01-08]
FF SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo-avast.xml [2014-06-05]
FF
SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo_ff.xml [2015-11-22]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-01]
CHR Extension: (Avast Online Security) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST
Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.0.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <not found>
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]

End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\SOFTWARE\Policies\Google => key removed successfully
CHR => Error: No automatic fix found for this entry.
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\SOFTWARE\Policies\Google: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
hxxps://search.yahoo.com/?type=994519&fr=spigot-yhp-ie => Error: No automatic fix found for this entry.
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => value removed successfully
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192804435 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} => value not found.
HKU\S-1-5-21-115433789-2630429241-2204408760-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-01262017192911245 - (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
SearchScopes: => Error: No automatic fix found for this entry.
HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} => Error: No automatic fix found for this entry.
HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key removed successfully
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key removed successfully
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => value removed successfully
HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => key not found.
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\user.js => moved successfully
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\user.js => not found.
C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo-avast.xml => moved successfully
FF => Error: No automatic fix found for this entry.
SearchPlugin: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xjibm5rm.default\searchplugins\yahoo_ff.xml [2015-11-22] => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found> => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => key removed successfully
HKLM\System\CurrentControlSet\Services\motccgpfl => key removed successfully
motccgpfl => service removed successfully
HKLM\System\CurrentControlSet\Services\motmodem => key removed successfully
motmodem => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5419609 B
Java, Flash, Steam htmlcache => 141408 B
Windows/system/drivers => 1323530103 B
Edge => 0 B
Chrome => 493281574 B
Firefox => 538245123 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42353993 B
systemprofile32 => 134722 B
LocalService => 16384 B
NetworkService => 2881662 B
Patrick => 1466181585 B
Teresa => 17026165 B

RecycleBin => 54353924 B
EmptyTemp: => 3.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:13:38 ====

Malwarebytes is still stalling after about an hour of scanning. It stops progress at a different file each time.

I haven't reactivated my wifi signal yet.

#6 nasdaq (Forum Deity, Global Moderator, 49,159 posts)

Posted 29 January 2017 - 08:38 AM

Remove these programs via the Control Panel > Programs > Programs and Features.
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
Vuze Remote Toolbar v7.6 (HKLM-x32\...\{7FAA19D2-3CF3-4FF6-9746-C0B8DB88757D}) (Version: 7.6 - Spigot, Inc.) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


Task: {02FAF6B9-794E-4FAB-B6AB-027306373363} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B82BB79F-0ACA-455F-94EC-1C2F6115A355} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-09-24] ()
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E0674E2E-D0C2-4446-BC88-EEBEBAD93FDD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33 [133]
C:\Users\Patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0tev7z.dll

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
==============

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Remove these old programs via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
===

This is the cause of Malwarebytes not completing the scan.

Error: (01/26/2017 08:12:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.388, time stamp: 0x58320f73
Faulting module name: 7z.dll, version: 16.2.0.0, time stamp: 0x57401d8b
Exception code: 0xc0000005
Fault offset: 0x000000000008ca19
Faulting process id: 0xab0
Faulting application start time: 0x01d2783adda08515
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
Report Id: 1f172ade-e436-11e6-9332-18037380aad3


I suggest you remove it completely via the Control panel.

Restart the computer normally after.

Reinstall the program using this link.

Download Malwarebytes Anti-Malware from here
---


Reactivate your Wifi.
If the problem persists please download and run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please let me know what problem persists with this computer.

#7 Pdwilli3 (Member, Full Member, 29 posts)

Posted 29 January 2017 - 09:42 AM

I get an error when I try to remove the Vuze Toolbar.

The path
'C:\Users\Patrick\AppData\Local\Temp\{8CE0523F-3805-46E2-8A31-C86E483167F9}\vuzeToolbar.msi' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'vuzeToolbar.msi' in a folder from which you can install the product Vuze Remote Toolbar v7.6.

Should I continue with the rest of the steps?



#8 nasdaq (Forum Deity, Global Moderator, 49,159 posts)

Posted 30 January 2017 - 07:24 AM

Yes, the toolbar was removed but the entry in the installed list is still present.
Nothing to worry about.

#9 Pdwilli3 (Member, Full Member, 29 posts)

Posted 30 January 2017 - 03:08 PM

Download Updater (AOL Inc.) - removed.

Vuze Remote Toolbar v7.6 - removed but still listed on Install List.

________________________________________

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Patrick (30-01-2017 06:35:37) Run:2
Running from C:\Users\Patrick\Desktop\Farbar
Loaded Profiles: Patrick &  (Available Profiles: Patrick & Teresa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


Task: {02FAF6B9-794E-4FAB-B6AB-027306373363} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B82BB79F-0ACA-455F-94EC-1C2F6115A355} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-09-24] ()
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {E0674E2E-D0C2-4446-BC88-EEBEBAD93FDD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33 [133]
C:\Users\Patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0tev7z.dll

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02FAF6B9-794E-4FAB-B6AB-027306373363} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02FAF6B9-794E-4FAB-B6AB-027306373363} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B82BB79F-0ACA-455F-94EC-1C2F6115A355} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82BB79F-0ACA-455F-94EC-1C2F6115A355} => key removed successfully
C:\windows\System32\Tasks\Private Internet Access Startup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Private Internet Access Startup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0674E2E-D0C2-4446-BC88-EEBEBAD93FDD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0674E2E-D0C2-4446-BC88-EEBEBAD93FDD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\ProgramData\Temp => ":0A8E2C33" ADS removed successfully.
"C:\Users\Patrick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0tev7z.dll" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5926628 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 11004 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Patrick => 254765 B
Teresa => 0 B

RecycleBin => 0 B
EmptyTemp: => 17.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:36:14 ====

Adobe Air - Updated

Adobe Flash - Updated

Adobe AIR (Version: 23.0.0.257) - Because of above update, this version was no longer listed.

Adobe Flash Player 23 ActiveX - Removed.
JavaFX 2.1.1 - Removed.


Malwarebytes - Removed and Reinstalled.


Successful Scan with Malwarebytes. All items were Quarantined. I have NOT rebooted since scan.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/30/17
Scan Time: 8:19 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1136
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Laptop_New\Patrick

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 536459
Time Elapsed: 1 hr, 5 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
Trojan.Agent.Trace, HKLM\SOFTWARE\WOW6432NODE\JaiMataDi, Delete-on-Reboot, [3235], [248446],1.0.1136
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER, Delete-on-Reboot, [811], [243437],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4B8AD0AB-2878-4F41-A5BD-7E22080A8A98}, Delete-on-Reboot, [811], [243431],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B}, Delete-on-Reboot, [811], [243431],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\SEARCH SETTINGS, Delete-on-Reboot, [811], [243435],1.0.1136
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, Delete-on-Reboot, [811], [243440],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\Vuze Remote, Delete-on-Reboot, [811], [243436],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Delete-on-Reboot, [811], [243429],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\APPDATALOW\SOFTWARE\Vuze Remote, Delete-on-Reboot, [811], [243430],1.0.1136

Registry Value: 6
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER|SERVERURL, Delete-on-Reboot, [811], [243437],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4B8AD0AB-2878-4F41-A5BD-7E22080A8A98}|URL, Delete-on-Reboot, [811], [243431],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4B8AD0AB-2878-4F41-A5BD-7E22080A8A98}|OSDFILEURL, Delete-on-Reboot, [811], [243432],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{FAB2D6BD-F4BB-4FDB-8C6B-A9E7FD0D947B}|URL, Delete-on-Reboot, [811], [243431],1.0.1136
PUP.Optional.Spigot, HKU\S-1-5-21-115433789-2630429241-2204408760-1000\SOFTWARE\SEARCH SETTINGS|GCPROTECTED, Delete-on-Reboot, [811], [243435],1.0.1136
PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|INSTALLDIR, Delete-on-Reboot, [811], [243440],1.0.1136

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 12
PUP.Optional.OpenCandy, C:\Users\Patrick\AppData\Roaming\OpenCandy\82293194C6C14B05829017B838DE1954, Quarantined, [645], [173202],1.0.1136
PUP.Optional.OpenCandy, C:\USERS\PATRICK\APPDATA\ROAMING\OpenCandy, Quarantined, [645], [173202],1.0.1136
PUP.Optional.Spigot, C:\USERS\PATRICK\APPDATA\ROAMING\Slick Savings, Quarantined, [811], [180685],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang, Quarantined, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6, Quarantined, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res, Quarantined, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\IE, Quarantined, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\PROGRAM FILES (X86)\Vuze Remote Toolbar, Quarantined, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\USERS\PATRICK\APPDATA\LOCAL\Slick Savings, Quarantined, [811], [180683],1.0.1136
PUP.Optional.Spigot, C:\Users\Patrick\AppData\LocalLow\Search Settings\temp, Quarantined, [811], [179812],1.0.1136
PUP.Optional.Spigot, C:\Users\Patrick\AppData\LocalLow\Search Settings\res, Quarantined, [811], [179812],1.0.1136
PUP.Optional.Spigot, C:\USERS\PATRICK\APPDATA\LOCALLOW\SEARCH SETTINGS, Quarantined, [811], [179812],1.0.1136

File: 37
PUP.Optional.Spigot, C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJIBM5RM.DEFAULT\PREFS.JS, Removal Failed, [811], [301667],1.0.1136
PUP.Optional.OpenCandy, C:\Users\Patrick\AppData\Roaming\OpenCandy\82293194C6C14B05829017B838DE1954\AVG-PC-TuneUp2014.exe, Delete-on-Reboot, [645], [173202],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\config.ini, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang\Res1031.ini, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang\Res1033.ini, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang\Res1034.ini, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang\Res1036.ini, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\Lang\Res1040.ini, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search-chevron-hover.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\amazon.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\ebay.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\facebook.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\googleplus.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\icon_settings.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\radio-close.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\radio-minimize.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\radiobeta.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search-button-hover.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search-button.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search-chevron.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search_amazon.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search_baidu.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search_ebay.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search_yahoo.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\search_yandex.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\twitter.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\vuze-app-logo.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\vuze-logo-hover.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\vuze-logo.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\vuze-remote.gif, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\Res\widgets.xml, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.Spigot, C:\Program Files (x86)\Vuze Remote Toolbar\WidgiHelper.exe, Delete-on-Reboot, [811], [179810],1.0.1136
PUP.Optional.APNToolBar, C:\USERS\PATRICK\DOWNLOADS\SFINSTALLER_SFFZ_FILEZILLA_8992693_.EXE, Delete-on-Reboot, [8568], [76243],1.0.1136
PUP.Optional.InstallCore, C:\USERS\PATRICK\DOWNLOADS\AGSETUP183SE.EXE, Delete-on-Reboot, [8], [300954],1.0.1136
PUP.Optional.Spigot, C:\Users\Patrick\AppData\Local\Slick Savings\coupons.crx, Delete-on-Reboot, [811], [180683],1.0.1136
PUP.Optional.Spigot, C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XJIBM5RM.DEFAULT\SEARCHPLUGINS\YAHOO_FF.XML, Delete-on-Reboot, [811], [243427],1.0.1136

Physical Sector: 0
(No malicious items detected)


(end)



#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 31 January 2017 - 07:33 AM

How is the computer running after the restart?
nasdaq




