
I got PUP.Optional.Distromatic, checking for more. Thanks!


  • This topic is locked
16 replies to this topic

#1 TimmU

    Advanced Member

  • Full Member
  • 193 posts

Posted 15 January 2017 - 09:37 AM

Hello, first, thanks for your help.

I ran a routine scan with Malwarebytes Anti-Malware and it found PUP.Optional.Distromatic. I quarantined it. Originally my computer seemed to run ok, but I think it DID run a little faster after removal of Distromatic.

Anyway, just would love some help making sure I don't have anything else.

Also, is Distromatic spyware?

Thank you!!

P.S. Here are the requested scans (I also ran ESET Online Scanner and it found nothing)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/14/2017
Scan Time: 6:37:00 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.01.14.06
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: rick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259852
Time Elapsed: 20 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

///////////////
//////////////
//////////////
///////////////
////////////
//////////////

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2017
Ran by rick (administrator) on RICK-PC (14-01-2017 19:03:37)
Running from C:\Users\rick\Desktop
Loaded Profiles: rick (Available Profiles: rick)
Platform: Microsoft® Windows Vista Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [861744 2007-04-19] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448632 2007-03-22] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [Google Update] => C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-01-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8DA2B145-41AD-46B6-B896-302199E21359}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default [2017-01-14]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\hbxovwj5.default -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\hbxovwj5.default -> Secure Search
FF Keyword.URL: Mozilla\Firefox\Profiles\hbxovwj5.default -> hxxp://search.yahoo.com/search?fr=mcafee&type=A111US679&p=
FF Extension: (ADB Helper) - C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\Extensions\adbhelper@mozilla.org [2016-11-04]
FF Extension: (post 2 del.icio.us) - C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\Extensions\del.icio.us@askin.ws.xpi [2016-04-27]
FF Extension: (NoScript) - C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29]
FF SearchPlugin: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\searchplugins\McSiteAdvisor.xml [2016-03-21]
FF SearchPlugin: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\searchplugins\youtube-video-search.xml [2015-02-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-28] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-04-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @talk.google.com/O1DPlugin -> C:\Users\rick\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\rick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\rick\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
CHR Extension: (Google Docs) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
CHR Extension: (Google Drive) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Facebook Pixel Helper) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-06-16]
CHR Extension: (Google Sheets) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
CHR Extension: (SiteAdvisor) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-05-02]
CHR Extension: (Google Docs Offline) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [114688 2007-04-27] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2017-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2017-01-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2017-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2017-01-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2017-01-03] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2017-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2017-01-03] (AVAST Software)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR10N; C:\Windows\system32\drivers\kr10n.sys [207104 2005-09-27] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S4 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89792 2012-02-22] (McAfee, Inc.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\rick\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; no ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 19:03 - 2017-01-14 19:04 - 00016857 _____ C:\Users\rick\Desktop\FRST.txt
2017-01-14 19:03 - 2017-01-14 19:03 - 00000000 ____D C:\FRST
2017-01-14 18:30 - 2017-01-14 18:31 - 00899072 _____ C:\Users\rick\Desktop\RGSA.exe
2017-01-14 18:28 - 2017-01-14 18:28 - 01761280 _____ (Farbar) C:\Users\rick\Desktop\FRST.exe
2017-01-14 13:09 - 2017-01-14 17:02 - 00005807 _____ C:\Users\rick\Desktop\Lori emails + TO DO.txt
2017-01-13 13:20 - 2017-01-14 10:00 - 00007179 _____ C:\Users\rick\Desktop\pricelist test emails.txt
2017-01-12 12:18 - 2017-01-12 12:18 - 00902976 _____ C:\Users\rick\Desktop\Lori list as of Jan 12 2016 MINUS PTB buyers.csv
2017-01-11 13:57 - 2017-01-12 13:10 - 00000455 _____ C:\Users\rick\Desktop\retarteting ads matt.txt
2017-01-11 08:31 - 2017-01-11 08:31 - 33086800 _____ C:\Users\rick\Desktop\Instagram Avalanche VSL $17.mp4
2017-01-11 08:18 - 2017-01-14 19:01 - 00001164 _____ C:\Users\rick\Desktop\malware scan.txt
2017-01-10 15:03 - 2017-01-10 15:03 - 00019223 _____ C:\Users\rick\Desktop\why matt.odt
2017-01-09 09:50 - 2017-01-09 10:35 - 00077116 _____ C:\Users\rick\Desktop\3WPP vsl script.pdf
2017-01-08 19:26 - 2017-01-09 10:30 - 00025205 _____ C:\Users\rick\Desktop\3wpp new script.odt
2017-01-03 12:20 - 2017-01-03 12:20 - 00000000 ____D C:\Users\rick\AppData\Local\CEF
2017-01-03 12:18 - 2017-01-03 12:18 - 00000000 ____D C:\Users\rick\AppData\Roaming\AVAST Software
2017-01-03 12:17 - 2017-01-03 12:17 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-03 12:17 - 2017-01-03 12:17 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-03 12:17 - 2017-01-03 12:17 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-03 12:17 - 2017-01-03 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-01-03 12:17 - 2017-01-03 12:16 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-01-03 12:17 - 2017-01-03 12:16 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-03 12:17 - 2017-01-03 12:16 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-03 12:16 - 2017-01-03 12:16 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2017-01-03 12:15 - 2017-01-03 12:37 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-03 12:13 - 2017-01-03 12:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-03 11:20 - 2017-01-03 11:20 - 00000000 ____D C:\775913204968bb2ffc45c57376d80fb1
2017-01-03 10:12 - 2017-01-03 10:13 - 00000000 ____D C:\Users\rick\Desktop\Unbounce & Infusionsoft stuff
2017-01-02 14:51 - 2017-01-08 14:44 - 00004251 _____ C:\Users\rick\Desktop\optimize instagram.txt
2016-12-21 11:52 - 2016-12-21 11:52 - 00000000 ____D C:\Users\rick\Desktop\RPtWorks
2016-12-16 10:48 - 2016-12-17 22:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-16 10:08 - 2017-01-14 11:38 - 00226826 ____N C:\Windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 19:03 - 2016-11-19 07:05 - 00000000 ____D C:\Users\rick\AppData\LocalLow\Mozilla
2017-01-14 19:00 - 2014-05-18 12:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-14 18:54 - 2012-04-06 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-14 18:52 - 2016-05-02 10:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-14 18:50 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-14 18:50 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-14 18:44 - 2015-05-18 06:13 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0.job
2017-01-14 18:32 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2017-01-14 18:18 - 2014-06-21 12:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20.job
2017-01-14 17:02 - 2016-10-26 12:15 - 00000000 ____D C:\Users\rick\Desktop\Biz Booster Checklist
2017-01-14 14:12 - 2014-11-16 19:01 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe.job
2017-01-14 09:17 - 2012-07-22 15:30 - 00027240 _____ C:\Users\rick\AppData\Roaming\nvModes.001
2017-01-14 08:56 - 2006-11-02 04:33 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-14 08:50 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 17:51 - 2006-11-02 07:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-12 10:33 - 2016-10-06 08:43 - 00058666 _____ C:\Users\rick\Desktop\Lori NOTES.txt
2017-01-11 19:05 - 2014-02-12 09:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a.job
2017-01-11 15:48 - 2016-10-18 11:48 - 00000000 ____D C:\Users\rick\Desktop\3WPP
2017-01-10 17:15 - 2012-11-01 15:39 - 00000000 ____D C:\Users\rick\AppData\Roaming\vlc
2017-01-10 16:15 - 2012-12-10 19:26 - 00000000 ____D C:\Users\rick\Desktop\Copy Projects
2017-01-10 12:54 - 2012-04-06 14:33 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-10 12:54 - 2012-04-06 14:33 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-10 12:54 - 2007-05-30 22:23 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 10:26 - 2016-10-10 05:40 - 00000000 ____D C:\Users\rick\Desktop\Instagram Swipe File Funnel
2017-01-05 11:28 - 2012-07-30 14:30 - 00003506 _____ C:\Users\rick\Desktop\DSM.txt
2017-01-03 12:48 - 2012-07-30 14:30 - 00000000 ____D C:\Users\rick\Desktop\Unused Desktop
2017-01-03 12:37 - 2013-11-06 18:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-03 12:37 - 2007-05-30 22:30 - 00000000 ____D C:\ProgramData\McAfee
2017-01-03 12:16 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-12-22 20:45 - 2012-04-06 15:50 - 00000000 ___RD C:\Users\rick\Pictures
2016-12-22 11:28 - 2016-10-26 12:14 - 00000000 ____D C:\Users\rick\Desktop\Tax stuff
2016-12-17 22:39 - 2012-07-23 08:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-16 15:58 - 2007-05-30 19:44 - 00000000 __SHD C:\Windows\Installer

==================== Files in the root of some directories =======

2012-07-22 15:30 - 2017-01-14 09:17 - 0027240 _____ () C:\Users\rick\AppData\Roaming\nvModes.001
2012-07-22 11:51 - 2016-10-27 07:07 - 0027240 _____ () C:\Users\rick\AppData\Roaming\nvModes.dat
2012-08-01 15:44 - 2014-03-18 09:26 - 0000680 _____ () C:\Users\rick\AppData\Local\d3d9caps.dat
2012-07-22 12:12 - 2014-10-19 15:18 - 0004608 _____ () C:\Users\rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-14 09:05

==================== End of FRST.txt ============================

/////////////////////////
//////////////////////
///////////////////////
////////////////////////

Result of Security Analysis by Rocket Grannie (x86)
Updated: 17th December, 2016
Running from:C:\Users\rick\Desktop (20:00:37 - 01/14/2017)
***---------------------------------------------------------***
Microsoft® Windows Vista Home Premium X86 Service Pack 2
UAC is Enabled!
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus's ProductState is indeterminate
Windows Defender (Disabled - Not Up to Date)
Avast Antivirus's ProductState is indeterminate
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 24.0.0.194)
Firefox (version 50)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)
CCleaner (version 3.21) is *out of Date*
Google Chrome (version 49.0.2623.112) is *out of Date*
Java 7 Update 65 (version 7.0.650) is *out of Date*
Spybot - Search & Destroy (version 1.6.2) is *out of Date*
***----------------Analysis Complete-------------------------***
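Added example, not part of TimmU's post and not code from FRST or Malwarebytes: a small Python triage pass over FRST "Services" / "Drivers" / "Internet" lines of the kind posted above. It pulls out the entries a helper reads first: binaries FRST tagged `[File not signed]` or listed with an empty company name `()`, entries whose file is absent (`[X]` or `no ImagePath`), a driver image under a Temp directory, and the `<======= ATTENTION` policy markers. The sample lines are copied from the log in this thread (a constructed subset); the reason labels and the Temp-path rule are my own choices, not FRST conventions.

```python
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the FRST log in this thread.
SAMPLE_FRST = r"""
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
S4 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89792 2012-02-22] (McAfee, Inc.)
S3 catchme; \??\C:\Users\rick\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; no ImagePath
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
"""

# "R2 name; rest" / "S3 name; rest" / "U5 name; rest": start type + number, then the entry.
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# Anchor on FRST's "[size yyyy-mm-dd]" so a "(x86)" in the path is not mistaken for a vendor.
VENDOR_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]\s*\((?P<vendor>[^)]*)\)\s*(?P<flags>.*)$")


@dataclass(frozen=True)
class Finding:
    name: str    # service/driver name, or the registry key for policy lines
    reason: str  # label chosen here (not an FRST term)
    line: str    # the original log line, for the reader's own judgement


def triage(frst_text: str) -> list[Finding]:
    """Return one Finding per (entry, reason) worth a second look."""
    findings: list[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<======= ATTENTION" in line:
            # FRST's own marker for policy restrictions; key is everything before the colon.
            findings.append(Finding(line.split(":", 1)[0], "frst-attention", line))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, rest = m["name"], m["rest"]
        # "[X]" = FRST could not find the file; "no ImagePath" = registry entry points nowhere.
        if rest.endswith("[X]") or rest == "no ImagePath":
            findings.append(Finding(name, "image-missing", line))
        # Own rule: a driver or service image under a Temp directory is unusual.
        if re.search(r"\\temp\\", rest, re.IGNORECASE):
            findings.append(Finding(name, "image-in-temp", line))
        vm = VENDOR_RE.search(rest)
        if vm:
            if "[File not signed]" in vm["flags"]:
                findings.append(Finding(name, "not-signed", line))
            elif not vm["vendor"].strip():
                # "()" means no company name in the version resource (not the same as unsigned).
                findings.append(Finding(name, "no-company-name", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by reason, e.g. {'image-missing': 2, ...}."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.reason:16} {f.name:40} {f.line}")
    print(summarize(triage(SAMPLE_FRST)))
```

On the sample above this yields six findings: CFSvcs (not signed), pinger (no company name), catchme (file missing, and under Temp), Tosrfcom (no ImagePath) and the HKLM Internet Explorer policy restriction. None of these is a verdict; "not signed" is normal for 2006-era OEM services, and the script exists only to shorten the list a human has to read.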

#2 TimmU

    Advanced Member

  • Full Member
  • 193 posts

Posted 15 January 2017 - 09:40 AM

Hmmm... not sure why my post showed up like that. Let me try it again...

Hello, first, thanks for your help.

I ran a routine scan with Malwarebytes Anti-Malware and it found PUP.Optional.Distromatic.

I quarantined it. Originally my computer seemed to run ok, but I think it DID run a little faster after removal of Distromatic.

Anyway, just would love some help making sure I don't have anything else.

Also, is Distromatic spyware?


Thank you!!




Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/14/2017
Scan Time: 6:37:00 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.01.14.06
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: rick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259852
Time Elapsed: 20 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




///////////////
//////////////
//////////////
///////////////
////////////
//////////////






Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-01-2017
Ran by rick (administrator) on RICK-PC (14-01-2017 19:03:37)
Running from C:\Users\rick\Desktop
Loaded Profiles: rick (Available Profiles: rick)
Platform: Microsoft® Windows Vista Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-04-10] (Chicony)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [861744 2007-04-19] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [HWSetup] => \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] => C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448632 2007-03-22] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-03] (AVAST Software)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [417792 2007-01-22] (TOSHIBA)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [Google Update] => C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-01-03] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8DA2B145-41AD-46B6-B896-302199E21359}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default [2017-01-14]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\hbxovwj5.default -> Google
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\hbxovwj5.default -> Secure Search
FF Keyword.URL: Mozilla\Firefox\Profiles\hbxovwj5.default -> hxxp://search.yahoo.com/search?fr=mcafee&type=A111US679&p=
FF Extension: (ADB Helper) - C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\Extensions\adbhelper@mozilla.org [2016-11-04]
FF Extension: (post 2 del.icio.us) - C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\Extensions\del.icio.us@askin.ws.xpi [2016-04-27]
FF Extension: (NoScript) - C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-29]
FF SearchPlugin: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\searchplugins\McSiteAdvisor.xml [2016-03-21]
FF SearchPlugin: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\searchplugins\youtube-video-search.xml [2015-02-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-28] [not signed]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-04-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @talk.google.com/O1DPlugin -> C:\Users\rick\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @tools.google.com/Google Update;version=3 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1683131032-1005017986-1901925349-1000: @tools.google.com/Google Update;version=9 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\rick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\rick\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR Profile: C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-02]
CHR Extension: (Google Docs) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-02]
CHR Extension: (Google Drive) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-02]
CHR Extension: (YouTube) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-02]
CHR Extension: (Facebook Pixel Helper) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-06-16]
CHR Extension: (Google Sheets) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-02]
CHR Extension: (SiteAdvisor) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-05-02]
CHR Extension: (Google Docs Offline) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-03] (AVAST Software)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [63096 2007-01-25] ()
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [114688 2007-04-27] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2017-01-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2017-01-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2017-01-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2017-01-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2017-01-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2017-01-03] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2017-01-03] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2017-01-03] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2017-01-03] (AVAST Software)
S4 KR10I; C:\Windows\system32\drivers\kr10i.sys [216320 2006-02-14] (TOSHIBA CORPORATION) [File not signed]
S4 KR10N; C:\Windows\system32\drivers\kr10n.sys [207104 2005-09-27] (TOSHIBA CORPORATION) [File not signed]
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S4 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [89792 2012-02-22] (McAfee, Inc.)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\rick\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; no ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 19:03 - 2017-01-14 19:04 - 00016857 _____ C:\Users\rick\Desktop\FRST.txt
2017-01-14 19:03 - 2017-01-14 19:03 - 00000000 ____D C:\FRST
2017-01-14 18:30 - 2017-01-14 18:31 - 00899072 _____ C:\Users\rick\Desktop\RGSA.exe
2017-01-14 18:28 - 2017-01-14 18:28 - 01761280 _____ (Farbar) C:\Users\rick\Desktop\FRST.exe
2017-01-14 13:09 - 2017-01-14 17:02 - 00005807 _____ C:\Users\rick\Desktop\Lori emails + TO DO.txt
2017-01-13 13:20 - 2017-01-14 10:00 - 00007179 _____ C:\Users\rick\Desktop\pricelist test emails.txt
2017-01-12 12:18 - 2017-01-12 12:18 - 00902976 _____ C:\Users\rick\Desktop\Lori list as of Jan 12 2016 MINUS PTB buyers.csv
2017-01-11 13:57 - 2017-01-12 13:10 - 00000455 _____ C:\Users\rick\Desktop\retarteting ads matt.txt
2017-01-11 08:31 - 2017-01-11 08:31 - 33086800 _____ C:\Users\rick\Desktop\Instagram Avalanche VSL $17.mp4
2017-01-11 08:18 - 2017-01-14 19:01 - 00001164 _____ C:\Users\rick\Desktop\malware scan.txt
2017-01-10 15:03 - 2017-01-10 15:03 - 00019223 _____ C:\Users\rick\Desktop\why matt.odt
2017-01-09 09:50 - 2017-01-09 10:35 - 00077116 _____ C:\Users\rick\Desktop\3WPP vsl script.pdf
2017-01-08 19:26 - 2017-01-09 10:30 - 00025205 _____ C:\Users\rick\Desktop\3wpp new script.odt
2017-01-03 12:20 - 2017-01-03 12:20 - 00000000 ____D C:\Users\rick\AppData\Local\CEF
2017-01-03 12:18 - 2017-01-03 12:18 - 00000000 ____D C:\Users\rick\AppData\Roaming\AVAST Software
2017-01-03 12:17 - 2017-01-03 12:17 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-01-03 12:17 - 2017-01-03 12:17 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2017-01-03 12:17 - 2017-01-03 12:17 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2017-01-03 12:17 - 2017-01-03 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-01-03 12:17 - 2017-01-03 12:16 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-01-03 12:17 - 2017-01-03 12:16 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-03 12:17 - 2017-01-03 12:16 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-01-03 12:17 - 2017-01-03 12:16 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-01-03 12:16 - 2017-01-03 12:16 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2017-01-03 12:15 - 2017-01-03 12:37 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-03 12:13 - 2017-01-03 12:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-03 11:20 - 2017-01-03 11:20 - 00000000 ____D C:\775913204968bb2ffc45c57376d80fb1
2017-01-03 10:12 - 2017-01-03 10:13 - 00000000 ____D C:\Users\rick\Desktop\Unbounce & Infusionsoft stuff
2017-01-02 14:51 - 2017-01-08 14:44 - 00004251 _____ C:\Users\rick\Desktop\optimize instagram.txt
2016-12-21 11:52 - 2016-12-21 11:52 - 00000000 ____D C:\Users\rick\Desktop\RPtWorks
2016-12-16 10:48 - 2016-12-17 22:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-16 10:08 - 2017-01-14 11:38 - 00226826 ____N C:\Windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-14 19:03 - 2016-11-19 07:05 - 00000000 ____D C:\Users\rick\AppData\LocalLow\Mozilla
2017-01-14 19:00 - 2014-05-18 12:08 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-14 18:54 - 2012-04-06 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-14 18:52 - 2016-05-02 10:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-14 18:50 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-14 18:50 - 2006-11-02 06:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-14 18:44 - 2015-05-18 06:13 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0.job
2017-01-14 18:32 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf
2017-01-14 18:18 - 2014-06-21 12:49 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20.job
2017-01-14 17:02 - 2016-10-26 12:15 - 00000000 ____D C:\Users\rick\Desktop\Biz Booster Checklist
2017-01-14 14:12 - 2014-11-16 19:01 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe.job
2017-01-14 09:17 - 2012-07-22 15:30 - 00027240 _____ C:\Users\rick\AppData\Roaming\nvModes.001
2017-01-14 08:56 - 2006-11-02 04:33 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-14 08:50 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 17:51 - 2006-11-02 07:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-12 10:33 - 2016-10-06 08:43 - 00058666 _____ C:\Users\rick\Desktop\Lori NOTES.txt
2017-01-11 19:05 - 2014-02-12 09:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a.job
2017-01-11 15:48 - 2016-10-18 11:48 - 00000000 ____D C:\Users\rick\Desktop\3WPP
2017-01-10 17:15 - 2012-11-01 15:39 - 00000000 ____D C:\Users\rick\AppData\Roaming\vlc
2017-01-10 16:15 - 2012-12-10 19:26 - 00000000 ____D C:\Users\rick\Desktop\Copy Projects
2017-01-10 12:54 - 2012-04-06 14:33 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-10 12:54 - 2012-04-06 14:33 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-10 12:54 - 2007-05-30 22:23 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 10:26 - 2016-10-10 05:40 - 00000000 ____D C:\Users\rick\Desktop\Instagram Swipe File Funnel
2017-01-05 11:28 - 2012-07-30 14:30 - 00003506 _____ C:\Users\rick\Desktop\DSM.txt
2017-01-03 12:48 - 2012-07-30 14:30 - 00000000 ____D C:\Users\rick\Desktop\Unused Desktop
2017-01-03 12:37 - 2013-11-06 18:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-03 12:37 - 2007-05-30 22:30 - 00000000 ____D C:\ProgramData\McAfee
2017-01-03 12:16 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-12-22 20:45 - 2012-04-06 15:50 - 00000000 ___RD C:\Users\rick\Pictures
2016-12-22 11:28 - 2016-10-26 12:14 - 00000000 ____D C:\Users\rick\Desktop\Tax stuff
2016-12-17 22:39 - 2012-07-23 08:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-16 15:58 - 2007-05-30 19:44 - 00000000 __SHD C:\Windows\Installer

==================== Files in the root of some directories =======

2012-07-22 15:30 - 2017-01-14 09:17 - 0027240 _____ () C:\Users\rick\AppData\Roaming\nvModes.001
2012-07-22 11:51 - 2016-10-27 07:07 - 0027240 _____ () C:\Users\rick\AppData\Roaming\nvModes.dat
2012-08-01 15:44 - 2014-03-18 09:26 - 0000680 _____ () C:\Users\rick\AppData\Local\d3d9caps.dat
2012-07-22 12:12 - 2014-10-19 15:18 - 0004608 _____ () C:\Users\rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-14 09:05

==================== End of FRST.txt ============================

/////////////////////////
//////////////////////
///////////////////////
////////////////////////

Result of Security Analysis by Rocket Grannie (x86) Updated: 17th December, 2016
Running from:C:\Users\rick\Desktop (20:00:37 - 01/14/2017)
***---------------------------------------------------------***
Microsoft® Windows Vista Home Premium X86 Service Pack 2
UAC is Enabled!
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus's ProductState is indeterminate
Windows Defender (Disabled - Not Up to Date)
Avast Antivirus's ProductState is indeterminate
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 24.0.0.194)
Firefox (version 50)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)

CCleaner (version 3.21) is *out of Date*
Google Chrome (version 49.0.2623.112) is *out of Date*
Java 7 Update 65 (version 7.0.650) is *out of Date*
Spybot - Search & Destroy (version 1.6.2) is *out of Date*

***----------------Analysis Complete-------------------------***




//// ESET scanner found nothing....
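The FRST.txt above is read by eye by the helpers on this forum, but the checks they make are mechanical enough to script. The following is an added example, not part of this thread and not part of FRST or Malwarebytes: it takes lines in FRST's own format and flags the things a helper looks at first, namely entries whose file no longer exists (`[X]`, `no ImagePath`, `=> No File`), binaries and add-ons reported as unsigned, running processes with no publisher (`()`), drivers registered from a user's Temp folder, and the partner tag on search-provider URLs (the `fr=mcafee` that remains on the Yahoo search scopes above after McAfee was replaced by Avast). The sample input is constructed from lines copied out of the FRST.txt and Addition.txt posted in this thread; the rule names and the `triage`/`search_providers` functions are my own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample input: lines copied from the FRST.txt / Addition.txt posted
# in this thread, so the script runs offline. A real run would read FRST.txt.
SAMPLE_LOG = r"""
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Toshiba\IVP\ISM\pinger.exe
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
FF Keyword.URL: Mozilla\Firefox\Profiles\hbxovwj5.default -> hxxp://search.yahoo.com/search?fr=mcafee&type=A111US679&p=
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-28] [not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 catchme; \??\C:\Users\rick\AppData\Local\Temp\catchme.sys [X]
S3 Tosrfcom; no ImagePath
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2017-01-03] (AVAST Software)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
"""

# Each rule: (name, predicate on a stripped log line, why a helper looks at it).
# Rule names are my own; the markers they test for are FRST's own notation.
RULES = [
    ("orphan-entry",
     lambda l: l.endswith("[X]") or l.endswith("no ImagePath") or l.endswith("=> No File"),
     "registry entry points at a file that no longer exists (leftover or tampered entry)"),
    ("unsigned",
     lambda l: "[File not signed]" in l or "[not signed]" in l,
     "binary or add-on carries no code signature"),
    ("no-publisher",
     lambda l: l.startswith("() "),
     "running process whose image has no company name in its version resource"),
    ("temp-driver",
     lambda l: re.search(r";\s*\S*\\AppData\\Local\\Temp\\", l, re.I) is not None,
     "kernel driver registered from a user's Temp folder; legitimate drivers do not live there"),
]


def triage(log_text):
    """Return (rule, reason, line) for every non-empty line that matches a rule.

    A line can match more than one rule (the catchme.sys line above is both an
    orphan entry and a Temp-folder driver), so each match is reported separately.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pred, reason in RULES:
            if pred(line):
                findings.append((name, reason, line))
    return findings


# Line prefixes FRST uses for search-provider settings in the log above.
SEARCH_PREFIXES = ("SearchScopes:", "FF Keyword.URL:", "FF DefaultSearchEngine")


def search_providers(log_text):
    """Extract (host, partner tag) from search-provider lines.

    FRST defangs URLs as hxxp/hxxps; they are refanged before parsing. The `fr=`
    parameter on a Yahoo search URL names the software that set the provider,
    which is how a helper spots a search setting left behind by a product that
    is no longer installed.
    """
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(SEARCH_PREFIXES):
            continue
        m = re.search(r"hxxps?://\S+", line)
        if not m:
            continue  # e.g. "FF DefaultSearchEngine.US: ... -> Google" carries no URL
        url = m.group(0).replace("hxxp", "http", 1)
        parts = urlsplit(url)
        tag = parse_qs(parts.query).get("fr", [""])[0]
        found.append((parts.hostname, tag))
    return found


if __name__ == "__main__":
    for name, reason, line in triage(SAMPLE_LOG):
        print(f"[{name}] {reason}\n    {line}")
    for host, tag in search_providers(SAMPLE_LOG):
        print(f"[search-provider] host={host} fr={tag}")
```

Run against a full FRST.txt by replacing `SAMPLE_LOG` with the file's contents. The script only reports; it deliberately writes no fixlist, because whether an orphan entry or an unsigned vendor service is harmless (most of the Toshiba entries above are) is exactly the judgment the helper makes.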

#3 Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,151 posts

Posted 15 January 2017 - 04:43 PM

Hello TimmU.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.

Also, is Distromatic spyware?

Distromatic is a PUP (Potentially Unwanted Program). A PUP is a program that may be unwanted despite the possibility that users consented to download it; PUPs may include spyware, adware and toolbars. However, it is not considered malware.

Please post the contents of Addition.txt that was created by Farbar Recovery Scan Tool (FRST). It should be on the Desktop.


Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right click on the icon and chose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

Please download Junkware Removal Tool and save it to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Right-click on the icon and select Run as administrator.
  • The tool will open and check for updates. You will see the Disclaimer.
  • Press any key to continue and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.

Please post the contents of JRT.txt into your next reply.


To summarize please post:
The contents of Addition.txt created by FRST.
AdwCleaner log.
Junkware Removal Tool log.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#4 TimmU

    Advanced Member

  • Full Member
  • 193 posts

Posted 16 January 2017 - 02:35 PM

Thanks Android 8888! Here is the contents of Addition.txt (I will do those scans now) and will update with the logs. Thanks again!...

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-01-2017
Ran by rick (14-01-2017 19:04:25)
Running from C:\Users\rick\Desktop
Microsoft® Windows Vista Home Premium Service Pack 2 (X86) (2012-04-06 21:10:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1683131032-1005017986-1901925349-500 - Administrator - Disabled)
Guest (S-1-5-21-1683131032-1005017986-1901925349-501 - Limited - Disabled)
rick (S-1-5-21-1683131032-1005017986-1901925349-1000 - Administrator - Enabled) => C:\Users\rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.1.4.20 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVerMedia USB Hybrid Capture Device 1.3.0.67 (HKLM\...\AVerMedia USB Hybrid Capture Device) (Version: 1.3.0.67 - AVerMedia TECHNOLOGIES, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
Desktop Dialer (HKLM\...\Desktop Dialer) (Version: - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
mCore (Version: 9.09.0000 - Intel Corporation) Hidden
mHelp (Version: 9.09.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mMHouse (Version: 9.09.0000 - Intel Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
mPfMgr (Version: 9.09.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
oggcodecs 0.71.0946 (HKLM\...\oggcodecs) (Version: 0.71.0946 - illiminable)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.2.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.00.21 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
TOSHIBA Music (HKLM\...\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}) (Version: 1.00.1 - Toshiba America Information Systems)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD03) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.24 - TOSHIBA Corporation)
Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1524\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: 
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {02CC73FD-943B-4E54-A754-8311B608DECA} - System32\Tasks\SafeZone scheduled Autoupdate 1483467585 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: {20BF0B3E-9892-487A-BC5D-2FE8F245A016} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {238DD3DA-4F56-4A47-9E89-2C84BD9FD8AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd) Task: {4CFF698E-9F27-4E17-891D-B72521BF6AB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0e3188a7063ba => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {8FB5EA54-6DF5-4607-A4C2-563FF1800959} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.) Task: {A829C3C5-DDF0-416A-AFC8-6749AFA1179F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.) Task: {A9D5175D-C555-4B58-BC0C-999AD84E1EDF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {AF34370F-3687-491D-9B1F-F7208878037C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated) Task: {BAA5AE82-4661-4511-AF02-1F07F2D24EDB} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab8b98c9d97e => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.) Task: {BD7E7B2E-0E86-45CB-AC29-BC1879CEF823} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-03] (AVAST Software) Task: {D31E04A3-B015-419E-87B7-9C07A9CE3DEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {D6273ED8-0C55-4743-8F16-1A687FBA3DB7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation) Task: {DDFF6666-3866-4D99-A3AB-71D8C3394B83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {EE27A12A-34AC-4854-BD93-80DE74E951F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d0417f569c24b0 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {EE9D17B7-0363-4D00-8A0E-CD27AC4E05C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2017-01-03 12:16 - 2017-01-03 12:16 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-03 12:16 - 2017-01-03 12:16 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-01-14 12:51 - 2017-01-14 12:51 - 04444072 _____ () C:\Program Files\AVAST Software\Avast\defs\17011400\algo.dll 2006-10-17 18:13 - 2006-10-17 18:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll 2007-03-06 17:40 - 2007-03-06 17:40 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL 2007-05-30 22:06 - 2007-01-25 18:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe 2007-05-30 22:06 - 2007-01-25 18:50 - 00063096 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe 2012-04-06 15:30 - 2007-05-17 17:03 - 04813312 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe 2006-11-06 18:14 - 2006-11-06 18:14 - 00034352 _____ () C:\Program Files\Toshiba\Utilities\KeNotify.exe 2006-11-09 19:27 - 2006-11-09 19:27 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll 2007-05-30 21:03 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll 2006-11-08 19:08 - 2006-11-08 19:08 - 00009216 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll 2007-05-30 20:50 - 2007-04-23 11:38 - 00009216 _____ () C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll 2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2006-12-01 19:55 - 2006-12-01 19:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll 2017-01-03 12:16 - 2017-01-03 12:16 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 04:23 - 2012-07-25 09:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [{E6B074BD-6FF1-4D1D-924D-06BA35F59D1F}] => C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe FirewallRules: [{4EB269D1-0CAB-4738-B68E-790AE63FFDB1}] => C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe FirewallRules: [{0D179B71-F2EB-4B8D-A228-3672EA5A0234}] => C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe FirewallRules: [{8439B5C7-A61E-42DB-99A7-5D4A99152B77}] => C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe FirewallRules: [TCP Query User{BC5A3B6D-A9CF-4882-982D-3A248890DA99}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe] => C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe FirewallRules: [UDP Query User{E41AF2EC-6BD4-4221-8E3D-373A89275B4B}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe] => C:\program files\yahoo!\yahoo! 
music jukebox\yahoomusicengine.exe FirewallRules: [{4D530EA7-4F72-4327-A434-D4E99FEAEB35}] => C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{C93F338D-4849-406F-A167-5E1D5571C5C7}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{D6B11853-2647-447E-8562-D888925B5952}] => C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{184B1040-C438-4272-A266-113972544D5E}] => C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{9E59C28B-20A2-4A80-A223-3F5310D84D4F}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{C9820844-A8A7-438E-B262-639A7B2BBF76}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe FirewallRules: [{6A26DD79-D3FF-4F94-9F08-3832F245E8A1}] => C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{2D07D487-22F4-4D22-AABC-069A964DDAA0}] => C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{9B232314-DBC7-4244-BF28-FA4BB7A62DF7}] => C:\Program Files\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger ==================== Restore Points ========================= 13-06-2016 16:25:06 Scheduled Checkpoint 16-06-2016 12:37:25 Windows Update 17-06-2016 13:30:57 Scheduled Checkpoint 19-06-2016 14:33:30 Scheduled Checkpoint 20-06-2016 13:58:17 Scheduled Checkpoint 21-06-2016 04:34:47 Scheduled Checkpoint 21-06-2016 18:10:30 Scheduled Checkpoint 22-06-2016 08:57:32 Scheduled Checkpoint 23-06-2016 12:58:15 Scheduled Checkpoint 23-06-2016 15:45:55 Windows Update 25-06-2016 14:31:30 Scheduled Checkpoint 26-06-2016 07:21:59 Scheduled Checkpoint 27-06-2016 08:41:43 Scheduled Checkpoint 27-06-2016 22:18:02 Scheduled Checkpoint 28-06-2016 19:59:45 
Scheduled Checkpoint 07-07-2016 08:38:26 Scheduled Checkpoint 06-09-2016 17:45:08 Windows Update ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/14/2017 09:17:13 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (01/13/2017 04:09:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (01/13/2017 04:08:59 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/13/2017 08:01:44 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/12/2017 10:07:18 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/11/2017 07:50:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (01/10/2017 11:07:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/09/2017 08:27:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (01/09/2017 08:26:08 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/08/2017 09:09:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (01/14/2017 08:50:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (01/13/2017 04:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
Error: (01/13/2017 08:00:17 AM) (Source: VDS Dynamic Provider) (EventID: 10) (User: ) Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505 Error: (01/13/2017 08:00:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (01/12/2017 10:06:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (01/11/2017 07:49:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (01/10/2017 11:05:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (01/09/2017 08:25:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 
Error: (01/08/2017 09:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (01/07/2017 08:37:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. CodeIntegrity: =================================== Date: 2017-01-14 18:45:24.666 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:24.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:23.699 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:23.200 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:22.716 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2017-01-14 18:45:22.186 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:21.686 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:21.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:20.688 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2017-01-14 18:45:20.173 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz Percentage of memory in use: 43% Total physical RAM: 2045.69 MB Available physical RAM: 1152.07 MB Total Virtual: 4332.62 MB Available Virtual: 2744.8 MB ==================== Drives ================================ Drive c: (SQ004441V05) (Fixed) (Total:110.32 GB) (Free:60.09 GB) NTFS ==>[drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 8C87AA4B) Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Active) - (Size=110.3 GB) - (Type=07 NTFS) Could not read MBR for disk 1. 
==================== End of Addition.txt ============================

#5 TimmU

Advanced Member, Full Member, 193 posts

Posted 16 January 2017 - 02:37 PM

Not sure what's going on with how my posts show up. Sorry. Here is Addition.txt again (I will run the asked-for scans and update you asap. Thanks!)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-01-2017
Ran by rick (14-01-2017 19:04:25)
Running from C:\Users\rick\Desktop
Microsoft® Windows Vista Home Premium Service Pack 2 (X86) (2012-04-06 21:10:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1683131032-1005017986-1901925349-500 - Administrator - Disabled)
Guest (S-1-5-21-1683131032-1005017986-1901925349-501 - Limited - Disabled)
rick (S-1-5-21-1683131032-1005017986-1901925349-1000 - Administrator - Enabled) => C:\Users\rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.1.4.20 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVerMedia USB Hybrid Capture Device 1.3.0.67 (HKLM\...\AVerMedia USB Hybrid Capture Device) (Version: 1.3.0.67 - AVerMedia TECHNOLOGIES, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.06(T) - )
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.140.0517 - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.00.03 - TOSHIBA)
Desktop Dialer (HKLM\...\Desktop Dialer) (Version: - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
mCore (Version: 9.09.0000 - Intel Corporation) Hidden
mHelp (Version: 9.09.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
mMHouse (Version: 9.09.0000 - Intel Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
mPfMgr (Version: 9.09.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
oggcodecs 0.71.0946 (HKLM\...\oggcodecs) (Version: 0.71.0946 - illiminable)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype 7.28 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.2.2.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.02 - )
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.29 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.00.21 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.48.0.3C - TOSHIBA)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.48.0.11C - TOSHIBA)
TOSHIBA Music (HKLM\...\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}) (Version: 1.00.1 - Toshiba America Information Systems)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD03) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.2 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.48.0.8C - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.24 - TOSHIBA Corporation)
Utility Common Driver (Version: 0.0.50.7C - TOSHIBA) Hidden
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1524\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CC73FD-943B-4E54-A754-8311B608DECA} - System32\Tasks\SafeZone scheduled Autoupdate 1483467585 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {20BF0B3E-9892-487A-BC5D-2FE8F245A016} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {238DD3DA-4F56-4A47-9E89-2C84BD9FD8AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {4CFF698E-9F27-4E17-891D-B72521BF6AB7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0e3188a7063ba => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8FB5EA54-6DF5-4607-A4C2-563FF1800959} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {A829C3C5-DDF0-416A-AFC8-6749AFA1179F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {A9D5175D-C555-4B58-BC0C-999AD84E1EDF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AF34370F-3687-491D-9B1F-F7208878037C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {BAA5AE82-4661-4511-AF02-1F07F2D24EDB} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab8b98c9d97e => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-02] (Google Inc.)
Task: {BD7E7B2E-0E86-45CB-AC29-BC1879CEF823} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-03] (AVAST Software)
Task: {D31E04A3-B015-419E-87B7-9C07A9CE3DEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D6273ED8-0C55-4743-8F16-1A687FBA3DB7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {DDFF6666-3866-4D99-A3AB-71D8C3394B83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EE27A12A-34AC-4854-BD93-80DE74E951F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d0417f569c24b0 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EE9D17B7-0363-4D00-8A0E-CD27AC4E05C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20 => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1cf280b21b9968a.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000Core1d00201f3db11fe.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1cf8d8184981a20.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1683131032-1005017986-1901925349-1000UA1d0916419f4f6b0.job => C:\Users\rick\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-03 12:16 - 2017-01-03 12:16 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-03 12:16 - 2017-01-03 12:16 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-14 12:51 - 2017-01-14 12:51 - 04444072 _____ () C:\Program Files\AVAST Software\Avast\defs\17011400\algo.dll
2006-10-17 18:13 - 2006-10-17 18:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-03-06 17:40 - 2007-03-06 17:40 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2007-05-30 22:06 - 2007-01-25 18:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2007-05-30 22:06 - 2007-01-25 18:50 - 00063096 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2012-04-06 15:30 - 2007-05-17 17:03 - 04813312 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2006-11-06 18:14 - 2006-11-06 18:14 - 00034352 _____ () C:\Program Files\Toshiba\Utilities\KeNotify.exe
2006-11-09 19:27 - 2006-11-09 19:27 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2007-05-30 21:03 - 2006-10-10 12:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2006-11-08 19:08 - 2006-11-08 19:08 - 00009216 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2007-05-30 20:50 - 2007-04-23 11:38 - 00009216 _____ () C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 19:55 - 2006-12-01 19:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2017-01-03 12:16 - 2017-01-03 12:16 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 C:\Users\rick\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{E6B074BD-6FF1-4D1D-924D-06BA35F59D1F}] => C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [{4EB269D1-0CAB-4738-B68E-790AE63FFDB1}] => C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [{0D179B71-F2EB-4B8D-A228-3672EA5A0234}] => C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
FirewallRules: [{8439B5C7-A61E-42DB-99A7-5D4A99152B77}] => C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
FirewallRules: [TCP Query User{BC5A3B6D-A9CF-4882-982D-3A248890DA99}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe] => C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe
FirewallRules: [UDP Query User{E41AF2EC-6BD4-4221-8E3D-373A89275B4B}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe] => C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe
FirewallRules: [{4D530EA7-4F72-4327-A434-D4E99FEAEB35}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C93F338D-4849-406F-A167-5E1D5571C5C7}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6B11853-2647-447E-8562-D888925B5952}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{184B1040-C438-4272-A266-113972544D5E}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9E59C28B-20A2-4A80-A223-3F5310D84D4F}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C9820844-A8A7-438E-B262-639A7B2BBF76}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{6A26DD79-D3FF-4F94-9F08-3832F245E8A1}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2D07D487-22F4-4D22-AABC-069A964DDAA0}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9B232314-DBC7-4244-BF28-FA4BB7A62DF7}] => C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger

==================== Restore Points =========================

13-06-2016 16:25:06 Scheduled Checkpoint
16-06-2016 12:37:25 Windows Update
17-06-2016 13:30:57 Scheduled Checkpoint
19-06-2016 14:33:30 Scheduled Checkpoint
20-06-2016 13:58:17 Scheduled Checkpoint
21-06-2016 04:34:47 Scheduled Checkpoint
21-06-2016 18:10:30 Scheduled Checkpoint
22-06-2016 08:57:32 Scheduled Checkpoint
23-06-2016 12:58:15 Scheduled Checkpoint
23-06-2016 15:45:55 Windows Update
25-06-2016 14:31:30 Scheduled Checkpoint
26-06-2016 07:21:59 Scheduled Checkpoint
27-06-2016 08:41:43 Scheduled Checkpoint
27-06-2016 22:18:02 Scheduled Checkpoint
28-06-2016 19:59:45 Scheduled Checkpoint
07-07-2016 08:38:26 Scheduled Checkpoint
06-09-2016 17:45:08 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2017 09:17:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 04:09:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/13/2017 04:08:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/13/2017 08:01:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2017 10:07:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/11/2017 07:50:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 11:07:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2017 08:27:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/09/2017 08:26:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\Toshiba\Utilities\Microsoft.VC80.MFC\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/08/2017 09:09:46 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (01/14/2017 08:50:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/13/2017 04:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/13/2017 08:00:17 AM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (01/13/2017 08:00:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/12/2017 10:06:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/11/2017 07:49:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/10/2017 11:05:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2017 08:25:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/08/2017 09:07:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/07/2017 08:37:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-01-14 18:45:24.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:24.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:23.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:23.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:22.716
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:22.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:21.686
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:21.203
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:20.688
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-01-14 18:45:20.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz
Percentage of memory in use: 43%
Total physical RAM: 2045.69 MB
Available physical RAM: 1152.07 MB
Total Virtual: 4332.62 MB
Available Virtual: 2744.8 MB

==================== Drives ================================

Drive c: (SQ004441V05) (Fixed) (Total:110.32 GB) (Free:60.09 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 8C87AA4B)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=110.3 GB) - (Type=07 NTFS)
Could not read MBR for disk 1.

==================== End of Addition.txt ============================

#6 TimmU (Advanced Member, Full Member, 193 posts)
Posted 16 January 2017 - 03:31 PM

# AdwCleaner v6.042 - Logfile created 16/01/2017 at 14:47:08
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-15.1 [Server]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (X86)
# Username : rick - RICK-PC
# Running from : C:\Users\rick\Desktop\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1171 Bytes] - [16/01/2017 14:47:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1244 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows Vista ™ Home Premium x86
Ran by rick (Administrator) on Mon 01/16/2017 at 15:13:36.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 15

Successfully deleted: C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\searchplugins\youtube-video-search.xml (File)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42NPSRQ4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RQ9TUHP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQER05EA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX1Y5K7I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKA3VWY9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSODTFYH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFPGBTR1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42NPSRQ4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RQ9TUHP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQER05EA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX1Y5K7I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NKA3VWY9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSODTFYH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFPGBTR1 (Temporary Internet Files Folder)

Deleted the following from C:\Users\rick\AppData\Roaming\Mozilla\Firefox\Profiles\hbxovwj5.default\prefs.js
user_pref(browser.search.hiddenOneOffs, Secure Search,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en));
user_pref(browser.search.order.1, Secure Search);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{855EBCAE-7B97-4445-82F4-B1A154BCB12C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/16/2017 at 15:16:59.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,151 posts)
Posted 16 January 2017 - 06:04 PM

Hello TimmU.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.
Please follow the directions in the order listed.


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\rick\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; no ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

End

 

Save the file as fixlist.txt in to the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.



Please download Sophos Free Virus Removal Tool and save it to your computer's Desktop.

  • Double click the icon and select Run.
  • Click Next.
  • Select 'I accept the terms in this license agreement', then click Next twice.
  • Click Install.
  • Click Finish to launch the program.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste the results in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

 

Now I need you to re-run RGSA with administrator privileges. To do that:

  • Right-click on the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • In a few seconds it will produce a log in your computer's Desktop.

Please post its log in your next reply.


To summarize please post:
The contents of fixlog.txt produced by FRST.
The log produced by Sophos Virus Removal Tool.
RGSA log.

 

How is the computer running now?


Edited by Android 8888, 16 January 2017 - 06:05 PM.

Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
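
The fixlist above removes two kinds of stale registry entries from this machine: services whose driver file no longer exists (the lines FRST marks `[X]`, plus Tosrfcom, which has no ImagePath at all) and per-user COM class registrations whose `InprocServer32` DLL is gone (`=> No File`). As an added example, not part of this thread and not FRST's own code, the following PowerShell script performs a read-only audit for both conditions so that leftovers like these can be reviewed before anything is removed. The function names, the path-normalisation rules and the output layout are my own assumptions about how such an audit would be written; FRST's internal logic is not published here.

```powershell
# Added example for this thread (not FRST's code, not posted by the helper):
# read-only audit of the two kinds of stale entries the fixlist targets.
#   1. Services/drivers whose ImagePath file no longer exists (FRST's "[X]"),
#      or that have no ImagePath at all (FRST's "no ImagePath").
#   2. Per-user COM classes (HKCU\Software\Classes\CLSID, which FRST shows as
#      HKU\<SID>_Classes\CLSID) whose InprocServer32 DLL is missing ("=> No File").
# Nothing is changed; the output is meant to be reviewed by a person.

function Resolve-ServiceImagePath {
    param([string]$RawPath)
    # ImagePath values come in several shapes, for example:
    #   \SystemRoot\system32\drivers\blbdrive.sys
    #   system32\DRIVERS\ipinip.sys
    #   \??\C:\Users\rick\AppData\Local\Temp\catchme.sys
    #   "C:\Program Files\Vendor\svc.exe" -run      (quoted, with arguments)
    $p = [Environment]::ExpandEnvironmentVariables($RawPath.Trim())
    if ($p.StartsWith('"')) {
        $p = $p.Split('"')[1]                           # keep only the quoted part
    } elseif ($p -match '^(.+?\.(sys|exe|dll))(\s|$)') {
        $p = $Matches[1]                                # drop trailing arguments
    }
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\x  ->  C:\x
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') {                  # relative paths are relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedServices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -Path $root | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.Start) { return }   # not a service entry
        if ([string]::IsNullOrEmpty([string]$props.ImagePath)) {
            # Mirrors FRST's "no ImagePath" finding (Tosrfcom in the log above).
            [pscustomobject]@{ Name = $_.PSChildName; Start = $props.Start; ImagePath = '(none)'; Resolved = '' }
            return
        }
        $file = Resolve-ServiceImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Name = $_.PSChildName; Start = $props.Start; ImagePath = $props.ImagePath; Resolved = $file }
        }
    }
}

function Get-OrphanedComServers {
    # Default root is the per-user hive the fixlist cleaned; pass
    # 'HKLM:\Software\Classes\CLSID' to audit machine-wide registrations instead.
    param([string]$Root = 'HKCU:\Software\Classes\CLSID')
    if (-not (Test-Path -Path $Root)) { return }
    Get-ChildItem -Path $Root | ForEach-Object {
        $key = "$Root\$($_.PSChildName)\InprocServer32"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { return }                # class has no in-process server
        $dll = [string]$props.'(default)'
        if ([string]::IsNullOrEmpty($dll.Trim())) { return }
        $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim().Trim('"'))
        if ($dll -notmatch '\\') {
            # A bare file name is resolved through the DLL search order; System32
            # is checked here, anything still reported needs a manual look.
            $dll = Join-Path "$env:SystemRoot\System32" $dll
        }
        if (-not (Test-Path -LiteralPath $dll)) {
            [pscustomobject]@{ CLSID = $_.PSChildName; InprocServer32 = $props.'(default)' }
        }
    }
}

# Run from an elevated PowerShell prompt so every service key is readable.
Write-Output "== Services / drivers with a missing or absent image file =="
Get-OrphanedServices | Format-Table -AutoSize
Write-Output "== Per-user COM servers whose DLL is missing =="
Get-OrphanedComServers | Format-Table -AutoSize
```

On the machine in this thread the first table would have listed blbdrive, catchme, IpInIp, NwlnkFlt, NwlnkFwd, Tosrfcom and TpChoice, and the second the eighteen Google Update CLSIDs whose psuser.dll versions had been uninstalled. Such entries are mostly harmless debris from removed software, but a registration that points at a path which no longer exists is a dangling load path, so it is good hygiene to review and clear them rather than leave them behind.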

#8 TimmU (Advanced Member, Full Member, 193 posts)
Posted 17 January 2017 - 09:52 AM

Thanks Android. Here are the contents of fixlog.

By the way, after downloading Sophos, and after clicking Finish to launch it, it did not launch. So that's where I stopped.

What should I do? I try starting again from Run?


Thanks Android!


Fix result of Farbar Recovery Scan Tool (x86) Version: 15-01-2017
Ran by rick (17-01-2017 09:16:46) Run:1
Running from C:\Users\rick\Desktop
Loaded Profiles: rick (Available Profiles: rick)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction {5A9E3ACF-88BA-46F8-B51C-E58131799460} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> DefaultScope {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000 -> {855EBCAE-7B97-4445-82F4-B1A154BCB12C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US679D20140731&p={SearchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\rick\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; no ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\rick\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{855EBCAE-7B97-4445-82F4-B1A154BCB12C} => key not found.
HKCR\CLSID\{855EBCAE-7B97-4445-82F4-B1A154BCB12C} => key not found.
C:\Users\rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
HKLM\System\CurrentControlSet\Services\blbdrive => key removed successfully.
blbdrive => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\IpInIp => key removed successfully.
IpInIp => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFlt => key removed successfully.
NwlnkFlt => service removed successfully.
HKLM\System\CurrentControlSet\Services\NwlnkFwd => key removed successfully.
NwlnkFwd => service removed successfully.
HKLM\System\CurrentControlSet\Services\Tosrfcom => key removed successfully.
Tosrfcom => service removed successfully.
HKLM\System\CurrentControlSet\Services\TpChoice => key removed successfully.
TpChoice => service removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key removed successfully.
HKU\S-1-5-21-1683131032-1005017986-1901925349-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9183132 B
Java, Flash, Steam htmlcache => 947 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 822640 B
Firefox => 446330553 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 3251 B
LocalService => 0 B
NetworkService => 0 B
rick => 5513943 B

RecycleBin => 48428 B
EmptyTemp: => 448.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:18:30 ====

Edited by TimmU, 17 January 2017 - 09:53 AM.


#9 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,151 posts)
Posted 17 January 2017 - 03:46 PM

Hello TimmU.
 

By the way, after downloading Sophos, and after clicking Finish to launch it, it did not launch. So that's where I stopped.

After you click "Finish" it must have created a shortcut icon on your computer's Desktop.

  • Double-click the shortcut icon to run the tool.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Now click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste the results in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.

 

Then re-run RGSA with administrator privileges. To do that:

  • Right-click on the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.

Please post its log in your next reply.


Please post the contents of the log produced by Sophos and the RGSA log.

Let me know how the computer is running.



#10 TimmU (Advanced Member, Full Member, 193 posts)
Posted 18 January 2017 - 09:51 PM

Thanks Android.

The Sophos scan turned up totally clean.

Thanks.

Here is the log you requested.

Result of Security Analysis by Rocket Grannie (x86) Updated: 17th December, 2016
Running from:C:\Users\rick\Desktop (21:46:56 - 01/18/2017)
***---------------------------------------------------------***
Microsoft® Windows Vista Home Premium X86 Service Pack 2
UAC is Enabled!
Internet Explorer 8
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus's ProductState is indeterminate
Windows Defender (Disabled - Not Up to Date)
Avast Antivirus's ProductState is indeterminate
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 24.0.0.194)
Firefox (version 50)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)

CCleaner (version 3.21) is *out of Date*
Google Chrome (version 49.0.2623.112) is *out of Date*
Java 7 Update 65 (version 7.0.650) is *out of Date*
Spybot - Search & Destroy (version 1.6.2) is *out of Date*

***----------------Analysis Complete-------------------------***

Edited by TimmU, 18 January 2017 - 09:51 PM.


#11 TimmU (Advanced Member, Full Member, 193 posts)
Posted 19 January 2017 - 06:42 AM

By the way, the computer is running great. Thanks!

#12 Android 8888 (SWI Malware Tracker, Trusted Advisor*, 1,151 posts)
Posted 19 January 2017 - 03:52 PM

Hi TimmU.
 

The Sophos scan turned up totally clean.

By the way, the computer is running great. Thanks!

It's good to hear that. Congratulations! Your computer appears to be free of malware.

 

Please re-enable your Avast Antivirus (if you have not already done it).

 

Now you have some programs that need to be updated. Outdated programs contain security vulnerabilities which can be exploited by malware and can contribute to infecting your computer.

Please update your browsers:

Google Chrome
You can find instructions on how to do it, here

The latest version of Internet Explorer (IE) for Windows Vista is IE 9.
You can download it here


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 8 Update 121.

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmic...java-0-day-fix/

If present remove the old version(s) of Java using the Programs and Features applet which can be found through Start -> Control Panel -> Programs and Features, if you are not developing Java programs.


Update CCleaner:
You can download and install the latest version here

Update Spybot S&D:
You can download and install the latest version here


IF all the updates went well:

Please download DelFix (by Xplode) and save it to your Desktop.

Close all running programs and start delfix.exe.
Make sure that all available options are checked.
Click on Run.
DelFix should remove all our tools and delete itself afterwards.
I don't need the log file.


Let me know if the updates went well and what issues remain on this computer.

Android 8888.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#13 TimmU


Posted 20 January 2017 - 05:15 PM

Thanks Android. I updated Java, CCleaner, and Spybot.

Chrome tells me that it doesn't support Windows Vista anymore, so I cannot update it. Any recommendations on what I can do about that?

For internet explorer: I never use it. Can I delete that?

Am I clear to use the tool to delete all the tools?

Thanks Android!

#14 Android 8888


Posted 21 January 2017 - 04:36 PM

Hi TimmU.
 

Chrome tells me that it doesn't support windows vista anymore. So I cannot update it. Any recommendations I can do about that?

Yes, Google has cut off Chrome updates on Windows Vista. Please read this article here.

You may also want to know that Microsoft's support for Vista will be ending in April 2017. That means your computer will become more vulnerable to infections after that date as it will never be updated to fix identified vulnerabilities and your system will remain susceptible to security vulnerabilities.

If you want to keep using Chrome I suggest you start thinking about changing to a newer and modern Operating System to ensure that you continue to receive the latest Chrome versions and features as an outdated version is a security risk.

While you are still using Windows Vista you can use an alternate browser like Firefox or Opera. Opera is a free, very light web browser. You can download it here

 

For internet explorer: I never use it. Can I delete that?

Internet Explorer should be kept up to date even if you don't use it as an outdated version is a security risk.

 

Am I clear to use the tool to delete all the tools?

When all is well you can use Delfix to delete all the tools we used.


Are there any issues with this computer?



#15 TimmU


Posted 24 January 2017 - 09:52 PM

Thanks Android!

Gosh! I did not know that Vista was going to stop getting updates so soon!

For now, even though I realize it's a risk, I am choosing to stay with the current Chrome and Internet Explorer. All is well however. So am I clear to use that tool to clean the tools we used now?

By the way, no issues with the computer.

Thanks again!

#16 Android 8888


Posted 25 January 2017 - 06:00 AM

Hello TimmU.

 

By the way, no issues with the computer.

It's good to hear that! :good:
 

So am I clear to use that tool to clean the tools we used now?

Yes.


If all is well...

To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep Windows updated at Windows Update. I cannot stress enough how important this is.

Keep your Avast Antivirus up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not malicious, these are usually things you do not want on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Keep Malwarebytes (MB) updated and perform regular scans of your system, as it will make it harder for malware to reside on your computer.
A tutorial on using MB can be found here
Please Note: Only the paid-for version has real time capabilities.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another much-feared threat at the moment is a ransomware infection. Ransomware is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to Adobe Flash Player, Adobe Reader, Adobe Shockwave Player, Java, Microsoft Silverlight and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.


Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available here

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. :thumbup:

Android 8888.


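One way to produce the kind of outdated-software list that Security Check printed earlier and that Android 8888's update advice above relies on, as an added PowerShell example that is not part of this thread: it reads the installed-programs entries from the Windows Uninstall registry keys and flags anything below a minimum version you define. The minimum versions in the table are assumptions for illustration (only the Java 8 Update 121 figure comes from the thread), and the name patterns are assumed to match what the vendors write in DisplayName.

```powershell
# Added example, not from the thread. Enumerates installed programs from the
# standard Uninstall registry keys and flags versions below a chosen minimum.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# DisplayName wildcard pattern -> minimum acceptable version.
# ASSUMED values for illustration; Java 8u121 is the version quoted in the thread.
$minimums = @{
    'Java * Update'             = [version]'8.0.1210'  # Java 8 Update 121
    'Google Chrome'             = [version]'56.0'      # assumption
    'CCleaner'                  = [version]'5.0'       # assumption
    'Spybot - Search & Destroy' = [version]'2.0'       # assumption
}

function Get-InstalledSoftware {
    # Each Uninstall subkey with a DisplayName is one installed program
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

function ConvertTo-VersionSafe {
    param([string]$Text)
    # DisplayVersion is free text; keep only a leading dotted numeric prefix
    # (at most four components, which is all [version] accepts)
    if ($Text -match '^(\d+)(\.\d+){0,3}') {
        $v = $Matches[0]
        if ($v -notmatch '\.') { $v += '.0' }   # [version] needs at least major.minor
        try { return [version]$v } catch { return $null }
    }
    return $null
}

function Test-OutdatedSoftware {
    foreach ($app in Get-InstalledSoftware) {
        foreach ($pattern in $minimums.Keys) {
            if ($app.DisplayName -like "*$pattern*") {
                $installed = ConvertTo-VersionSafe $app.DisplayVersion
                $status = if ($null -eq $installed) { 'unparsed' }
                          elseif ($installed -lt $minimums[$pattern]) { 'OUT OF DATE' }
                          else { 'ok' }
                [pscustomobject]@{
                    Name      = $app.DisplayName
                    Installed = $app.DisplayVersion
                    Minimum   = $minimums[$pattern]
                    Status    = $status
                }
            }
        }
    }
}

Test-OutdatedSoftware | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. Programs that install without writing an Uninstall entry (portable builds, some per-user installers) will not appear, which is the same gap a registry-based update checker has, so it complements rather than replaces a tool such as PSI.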

#17 Android 8888


Posted 28 January 2017 - 08:05 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.





