Hello SWI!
Well, it has been almost exactly 2 years since I ran into this before: slow computer, screen hanging up, etc.
I read the "before you post" thread and have saved the required logs.
Big thanks in advance for any and all help!!
Malwarebytes:
malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/18/17
Scan Time: 3:15 PM
Logfile: SCAN 11817.txt
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1051
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: System
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262974
Time Elapsed: 7 min, 33 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
Farbar scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2017
Ran by Owner (administrator) on OWNER-PC (18-01-2017 15:39:41)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe
(Techinline Ltd.) C:\Program Files\Techinline\Remote Desktop\TiClientCoreLauncher.exe
(PC Drivers HeadQuarters LP) C:\Program Files\Veloxum\iPTE\DriverSupportAO.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-17] (AVAST Software)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe
HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\MountPoints2: {cec6d832-6569-11e3-b3b2-bcaec5b3794b} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\MountPoints2: {fb571409-22d6-11e6-b40d-bcaec5b3794b} - F:\TL_Bootstrap.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\{43F6A~1\1170~1.1\cesi.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-01-18]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-468847622-3825468100-367270768-1000] => 127.0.0.1:80
AutoConfigURL: [S-1-5-21-468847622-3825468100-367270768-1000] => 127.0.0.1:80
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F6436258-FA39-4239-A1E5-42A7B7E9E64B}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Internet Explorer:
==================
HKU\S-1-5-21-468847622-3825468100-367270768-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-468847622-3825468100-367270768-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-468847622-3825468100-367270768-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-04] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-03] (Sun Microsystems, Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\egadaiqk.default-1479069439216 [2017-01-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-02-20]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 DSAO; C:\Program Files\Veloxum\iPTE\DriverSupportAOsvc.exe [2029008 2016-03-11] (PC Drivers HeadQuarters LP)
R2 FixMe.IT Process Launcher Service; C:\Program Files\Techinline\Remote Desktop\TiClientCoreLauncher.exe [518312 2016-09-23] (Techinline Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-04] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2016-12-14] ()
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-13] (Atheros Communications, Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2017-01-18] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2017-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-01-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2017-01-18] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-01-18] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-15] ()
S3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2014-11-17] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [22016 2014-11-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2014-11-17] (LG Electronics Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1077760 2009-08-17] (VIA Technologies, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 15:39 - 2017-01-18 15:40 - 00011385 _____ C:\Users\Owner\Downloads\FRST.txt
2017-01-18 15:37 - 2017-01-18 15:38 - 01761792 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2017-01-18 15:37 - 2017-01-18 15:37 - 02419712 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-01-18 15:34 - 2017-01-18 15:34 - 00001041 _____ C:\Users\Owner\Desktop\SCAN 11817.txt
2017-01-18 15:14 - 2017-01-18 15:15 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-18 15:14 - 2017-01-18 15:14 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-18 15:13 - 2017-01-18 15:13 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-18 15:13 - 2017-01-18 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-18 15:13 - 2017-01-18 15:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-18 15:13 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-01-17 21:51 - 2017-01-17 21:51 - 00000346 _____ C:\Users\Owner\Desktop\Netgear Technical Support.txt
2017-01-17 20:16 - 2017-01-17 20:16 - 00001018 _____ C:\Users\Public\Desktop\FixMe.IT Client.lnk
2017-01-17 20:16 - 2017-01-17 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixMe.IT Client
2017-01-17 20:16 - 2017-01-17 20:16 - 00000000 ____D C:\Program Files\Techinline
2017-01-11 15:31 - 2017-01-05 11:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 15:31 - 2017-01-05 11:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 15:31 - 2017-01-05 11:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 15:31 - 2017-01-05 11:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 15:31 - 2017-01-05 11:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 15:31 - 2017-01-05 11:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 15:31 - 2017-01-05 11:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 15:31 - 2017-01-05 11:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 15:31 - 2017-01-05 11:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 15:31 - 2017-01-05 11:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 15:31 - 2017-01-05 11:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 15:31 - 2017-01-05 11:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-20 18:14 - 2016-12-20 18:14 - 03842181 _____ C:\Users\Owner\Desktop\flying wing chem trail.MOV
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 15:39 - 2015-01-08 20:15 - 00000000 ____D C:\FRST
2017-01-18 15:32 - 2009-07-13 22:34 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-18 15:32 - 2009-07-13 22:34 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-18 15:19 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 15:19 - 2009-07-13 20:37 - 00000000 ___HD C:\Windows\tracing
2017-01-18 15:13 - 2015-01-30 16:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 19:54 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\system32\NDF
2017-01-13 18:39 - 2012-08-16 19:43 - 00000000 ____D C:\ProgramData\Skype
2017-01-12 03:04 - 2013-08-15 02:05 - 00000000 ____D C:\Windows\system32\MRT
2017-01-12 03:02 - 2011-03-03 12:21 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2014-05-03 09:16 - 2016-02-19 17:52 - 0000007 ___SH () C:\Users\Owner\AppData\Roaming\date
2014-05-03 09:16 - 2014-05-06 16:15 - 0000002 ___SH () C:\Users\Owner\AppData\Roaming\evf9
2014-12-04 20:38 - 2014-12-17 16:16 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2015-05-05 15:20 - 2015-07-02 23:50 - 0000188 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2012-06-13 15:37 - 2013-01-08 22:51 - 0009216 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-07 14:40 - 2015-05-07 14:40 - 0000001 _____ () C:\Users\Owner\AppData\Local\DSI.DAT
2015-05-07 14:40 - 2015-05-07 14:40 - 0022528 _____ () C:\Users\Owner\AppData\Local\dsisetup3368724271.exe
2015-07-24 21:55 - 2015-07-24 21:55 - 0007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-03-17 18:55 - 2014-03-17 18:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-10 15:03 - 2012-11-10 15:03 - 0000368 ____H () C:\ProgramData\nh265F7yJLaRrp
2012-11-10 14:48 - 2012-11-10 14:48 - 0000368 ____H () C:\ProgramData\NNBW9EtMNYwc5D
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-29 16:43
==================== End of FRST.txt ============================
FARBAR addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2017
Ran by Owner (18-01-2017 15:40:39)
Running from C:\Users\Owner\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2011-03-03 17:34:36)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-468847622-3825468100-367270768-500 - Administrator - Disabled)
Guest (S-1-5-21-468847622-3825468100-367270768-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-468847622-3825468100-367270768-1002 - Limited - Enabled)
Owner (S-1-5-21-468847622-3825468100-367270768-1000 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM\...\{511CFE49-F318-4659-BC3F-73E9DBC3E2A8}) (Version: 2.0.11.138 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM\...\{800B3855-2646-4707-B915-BDCC28F03D63}) (Version: 3.0.45.413 - ArcSoft)
Avast Free Antivirus (HKLM\...\avast) (Version: 12.3.2280 - AVAST Software)
Axis & Allies (HKLM\...\{47836B39-2465-4F39-9D7E-52F70A1C3D72}) (Version: 1.00.000 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 2.27 - Piriform)
Driver Support (HKLM\...\DriverSupport) (Version: 10.0.1.24 - PC Drivers HeadQuarters LP) <==== ATTENTION
Driver Utilities (HKLM\...\{222D57F5-2912-4162-8F63-E7841082C45E}) (Version: 8.0.1 - Driver Utilities)
Dyno2000 Version 3.08 (HKLM\...\Dyno2000 Version 3.08) (Version: - )
FeralHeart version 1.13 (HKLM\...\{EAD29228-1A50-4178-B1EA-E1D83FC691F0}_is1) (Version: 1.13 - Kovuworks)
FixMe.IT Client (HKLM\...\{6890D317-7872-42BD-9416-171D3821CDF5}) (Version: 4.3.1.12181 - Techinline Ltd.)
Free YouTube Downloader 4.1.591 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Hardware Helper (HKLM\...\Hardware Helper_is1) (Version: 11.0 - Driver-Soft Inc.)
HP Button Manager (HKLM\...\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}) (Version: 3.5.00 - Hewlett-Packard)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{575A25F9-3018-46F6-AB97-552B52770877}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Webcam User's Guide (HKLM\...\{2028646C-E143-4DB1-AE19-AA31CA90E103}) (Version: - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
iSkysoft Video Editor(Build 4.7.2) (HKLM\...\iSkysoft Video Editor_is1) (Version: - iSkysoft Software)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
LG VZW United Drivers (HKLM\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{A6E08AC3-F00A-42B4-AF87-A30832769B23}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.31 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
ZillaTube 6.3.2 (HKLM\...\ZillaTube) (Version: 6.3.2 - ZillaTube)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0128954E-2037-4FC1-B270-E3D902685102} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {4901E9CB-79D4-4876-817F-1A585A096E6B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {53DE274A-1AB9-4365-BE85-107F2A4D6797} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6C79EA19-3C4F-40CB-A7A1-49CCFDD89646} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {853EC1AD-1160-493D-ABAD-63D96A91D38D} - System32\Tasks\Driver Support => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9334C323-F100-4656-9BA0-E4AA69C0F9C2} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {9DCC18EC-7C00-4394-A6F7-2ABBAA4459E3} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A18D5B7D-D81F-4360-BA42-BFA6038451A2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC97DB67-5EED-4B38-9394-AF8AC81C553E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D2BF0764-6223-4CF3-817C-3FDE8B60C9E1} - System32\Tasks\SafeZone scheduled Autoupdate 1468972773 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {D5633F42-5020-4CD7-A88F-24EADAC05EE2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {E26AE050-AD51-41B3-AB40-EC3088100BD4} - System32\Tasks\{5B5BC81F-0845-4380-A769-E891364C9CFD} => pcalua.exe -a "C:\Users\Owner\Desktop\Irfanview 2.exe" -d C:\Users\Owner\Desktop
Task: {E7B69673-A4F5-42DC-9467-534823DBB25C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-22] (Adobe Systems Incorporated)
Task: {EC9492D5-8D29-42EC-8206-8F28CAD3434E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\DriverSupport.exe [2015-07-16] (PC Drivers Headquarters)
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-08-30 17:26 - 2016-08-30 17:26 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-30 17:26 - 2016-08-30 17:26 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-18 15:20 - 2017-01-18 15:20 - 04368896 _____ () C:\Program Files\AVAST Software\Avast\defs\17011802\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-14 02:37 - 2016-07-14 02:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-03-01 19:38 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-01 19:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2017-01-18 15:13 - 2016-12-14 12:55 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-18 15:13 - 2016-12-14 12:55 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-18 15:13 - 2016-12-14 12:55 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\techinline.net -> hxxps://*.techinline.net
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-468847622-3825468100-367270768-1000\...\techinline.net -> hxxps://*.techinline.net
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-468847622-3825468100-367270768-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BYRUA_AGENT => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{BC91A86C-8DFE-4568-B779-A9350412AFC8}] => C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{38718214-42E0-45DF-A09C-61F240B51B98}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{05C9C170-BF32-4D45-B94B-E75187BEB620}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{22316B9B-AE5E-4FB8-AF67-1412F96FDAAD}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F453227D-AF98-44E7-8338-6634506A9BFF}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{00713C2D-E823-4465-878B-62FFD70567FF}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{2A9DACF5-7352-46C6-A090-E75E98869DF5}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{4714273B-02B4-4346-9F7B-74FA334546D8}] => LPort=5357
FirewallRules: [{B78F4897-A833-4D6B-BC23-47DD01AC8A40}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DE7549DF-766B-4B4A-BDE0-593F53C2B2B9}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{37FCFFC9-23EB-4470-B7F1-F72C4A424E18}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{88BE2FC7-12E4-4323-9D78-C745910B6898}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7108333C-9922-4103-ABD8-B5841EB54BDF}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{201E44C9-BC39-4514-BE7D-E87CCB12BD72}] => C:\ZillaTube\ZillaTube.exe
FirewallRules: [{06156254-9E92-4674-8BB8-43E5B3B11E3F}] => C:\ZillaTube\ZillaTube.exe
FirewallRules: [{829C07DF-ECE9-4E31-B50B-84FE4D2E7BF6}] => C:\ZillaTube\ZillaTube.exe
FirewallRules: [{698C60A8-B4C6-4697-92F6-7B7ECBC5F7DA}] => C:\ZillaTube\ZillaTube.exe
==================== Restore Points =========================
23-09-2016 21:12:46 Windows Update
19-10-2016 20:32:30 Windows Update
04-11-2016 15:36:15 Windows Update
13-11-2016 03:00:34 Windows Update
15-12-2016 03:00:29 Windows Update
12-01-2017 03:00:30 Windows Update
17-01-2017 20:16:29 Installed FixMe.IT Client
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/17/2017 07:57:07 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C85BD811-2424-4DCC-B57A-8E25085CBCD2}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (01/17/2017 07:56:37 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={960829E9-D0AF-43EF-A6E8-02F878B4E1E5}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (01/17/2017 07:56:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={1443BBEC-C005-4B3B-966D-7FCE1F81C0D1}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (01/17/2017 06:48:36 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F2323E79-598D-441A-B26F-003072CC91A2}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (01/17/2017 06:47:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={5FB09BC8-4881-47E6-A8FC-82EE2436330A}: The user Owner-PC\Owner dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (01/13/2017 06:38:30 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.
Error: (12/26/2016 01:15:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9329
Error: (12/26/2016 01:15:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9329
Error: (12/26/2016 01:15:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/26/2016 01:15:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5351
System errors:
=============
Error: (01/17/2017 09:36:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The FixMe.IT Client Service:cb822bc0-c30e-4891-9832-3e4212885b90 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/17/2017 08:17:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The FixMe.IT Client Service:1df0bbb0-1fea-4f9e-ac70-4c8db325122f service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (01/13/2017 06:36:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (01/12/2017 03:20:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
Error: (01/12/2017 03:00:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (01/06/2017 05:47:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (12/26/2016 12:28:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (12/26/2016 12:14:37 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
Error: (12/26/2016 12:11:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (12/24/2016 09:06:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
CodeIntegrity:
===================================
Date: 2016-08-21 18:55:40.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-21 18:55:39.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-12 03:23:21.613
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-12 03:23:20.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-11 11:05:34.691
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-11 11:05:34.535
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-10 20:15:13.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-10 20:15:13.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-04 20:11:44.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-04 20:11:44.002
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 77%
Total physical RAM: 2038.18 MB
Available physical RAM: 462.12 MB
Total Virtual: 4076.36 MB
Available Virtual: 2264.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:375.71 GB) NTFS
Drive e: () (Fixed) (Total:70.29 GB) (Free:41.47 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E442F48)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=70.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.2 GB) - (Type=DB)
==================== End of Addition.txt ============================
ROCKET GRANNIE:
Result of Security Analysis by Rocket Grannie (x86) Updated: 18th January, 2017
Running from:C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80TS4L1T (16:08:40 - 01/18/2017)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X86 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Enabled - Up to Date)
Malwarebytes (Enabled - Up to Date)
Malwarebytes (Enabled - Up to Date)
Windows Defender (Disabled - Up to Date)
Avast Antivirus (Enabled - Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 24 NPAPI (version 21.0.0.242) is *out of Date*
CCleaner (version 2.27) is *out of Date*
Firefox (version 35.0) is *out of Date*
Java 6 Update 20 (version 6.0.200) is *out of Date*
***----------------Analysis Complete-------------------------***
Edited by mOtOrHeAd, 18 January 2017 - 04:46 PM.