
Possible Infection [Solved]


  • This topic is locked
13 replies to this topic

#1 xxxerotech


Posted 22 November 2016 - 04:40 AM

Hi. I'm sorry to bother you with my stupidity. I think I infected my laptop with some malware/virus. I hope you could help me. Thanks!

 

Here are the logs.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2016 01

Ran by Adadu (administrator) on ADADU-PC (22-11-2016 08:46:03)
Running from C:\Users\Adadu\Downloads
Loaded Profiles: Adadu (Available Profiles: Adadu)
Platform: Micro$hit MacOS X 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\SMART BRO\AssistantServices.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\SMART BRO\UIExec.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
() C:\Users\Adadu\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
(Free Time) C:\Program Files\PicosmosTools\PicosmosTools.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Orbitdownloader.com) C:\Program Files\Orbitdownloader\orbitdm.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [UIExec] => C:\Program Files\SMART BRO\UIExec.exe [139088 2011-04-02] ()
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25673776 2016-11-08] (Dropbox, Inc.)
HKLM\...\Run: [MalwareProtectionLive] => C:\Users\Adadu\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe [1187360 2016-11-12] ()
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [Picosmos] => C:\Program Files\PicosmosTools\PicosmosTools.exe [5733960 2016-05-21] (Free Time)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-31] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-07-10]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2016-11-22]
ShortcutTarget: Orbit.lnk -> C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{A8279C24-18BD-4C66-8A18-90C981C2330E}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com
hxxp://go.microsoft.com/fwlink/?LinkId=69157
SearchScopes: HKU\S-1-5-21-3559194677-4052321422-2392058216-1000 -> {D6A11E6F-EBE6-4811-97BD-E75ECCAC07E2} URL = hxxps://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files\Orbitdownloader\orbitcth.dll [2009-05-19] (Orbitdownloader.com)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-05-19] ()
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Adadu\AppData\Roaming\Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 [2016-11-21]
FF NewTab: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> hxxps://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF Extension: (Firefox Hotfix) - C:\Users\Adadu\AppData\Roaming\Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF ProfilePath: C:\Users\Adadu\AppData\Roaming\Mozilla\Firefox\Profiles\qababq48.default-1479725842724 [2016-11-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-31]
FF HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-26] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3559194677-4052321422-2392058216-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Adadu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-3559194677-4052321422-2392058216-1000: www.mydlink.com/Uplayer -> C:\Users\Adadu\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009-12-02] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2009-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2009-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2009-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2009-12-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default [2016-11-22]
CHR Extension: (Google Slides) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-26]
CHR Extension: (Google Docs) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-26]
CHR Extension: (Google Drive) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-26]
CHR Extension: (YouTube) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-26]
CHR Extension: (Avast SafePrice) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-21]
CHR Extension: (Google Sheets) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-01]
CHR Extension: (Avast Online Security) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-26]
CHR Extension: (Gmail) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-31] (AVAST Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-18] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-08] (Dropbox, Inc.)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [239880 2016-02-06] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-08-14] (Microsoft Corporation) [File not signed]
R2 UI Assistant Service; C:\Program Files\SMART BRO\AssistantServices.exe [253264 2011-01-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [91784 2014-12-09] (e2eSoft)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-03-10] () [File not signed]
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107776 2011-03-26] (ZTE Incorporated)
U3 ax1wm31f; C:\Windows\system32\Drivers\ax1wm31f.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-22 08:44 - 2016-11-22 08:44 - 01762304 _____ (Farbar) C:\Users\Adadu\Downloads\FRST.exe
2016-11-22 08:43 - 2016-11-22 08:44 - 05198336 _____ (AVAST Software) C:\Users\Adadu\Downloads\aswMBR.exe
2016-11-22 08:40 - 2016-11-22 08:40 - 00243600 _____ C:\Users\Adadu\Downloads\Firefox Setup Stub 50.0 (1).exe
2016-11-22 08:38 - 2016-11-22 08:41 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-22 08:38 - 2016-11-22 08:41 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-22 08:36 - 2016-11-22 08:36 - 00243600 _____ C:\Users\Adadu\Downloads\Firefox Setup Stub 50.0.exe
2016-11-21 18:42 - 2016-11-21 18:53 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\DMCache
2016-11-21 18:42 - 2016-11-21 18:42 - 00000000 ____D C:\Users\Adadu\Downloads\Video
2016-11-21 18:42 - 2016-11-21 18:42 - 00000000 ____D C:\Users\Adadu\Downloads\Compressed
2016-11-21 18:42 - 2016-11-21 18:42 - 00000000 ____D C:\ProgramData\IDM
2016-11-21 18:41 - 2016-11-21 18:41 - 06907464 _____ (Tonec Inc.) C:\Users\Adadu\Downloads\idman626build10.exe
2016-11-21 18:29 - 2016-11-21 18:32 - 00000000 ____D C:\Users\Adadu\AppData\Local\Free Download Manager
2016-11-21 18:27 - 2016-11-21 18:28 - 41797472 _____ (FreeDownloadManager.ORG ) C:\Users\Adadu\Downloads\fdm5_x86_setup.exe
2016-11-20 14:42 - 2016-11-20 14:42 - 00166094 _____ C:\Windows\ntbtlog.txt
2016-11-20 09:33 - 2016-11-20 09:33 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\WinRAR
2016-11-20 09:25 - 2016-11-20 09:25 - 00204042 _____ C:\Users\Adadu\Downloads\3D_CAMERA_TECH_DOWNLOAD_01_folder.zip
2016-11-18 18:05 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Adadu\AppData\LocalLow\Mozilla
2016-11-18 09:18 - 2016-11-22 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-12 12:34 - 2016-11-12 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 11:54 - 2016-11-11 12:02 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\Audacity
2016-11-11 11:54 - 2016-11-11 11:54 - 00000000 ____D C:\Users\Adadu\AppData\Local\Audacity
2016-11-11 11:52 - 2016-11-11 11:54 - 00000000 ____D C:\Program Files\Audacity
2016-11-11 11:52 - 2016-11-11 11:52 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-11 11:52 - 2016-11-11 11:52 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-11 11:50 - 2016-11-11 11:51 - 26496761 _____ (Audacity Team ) C:\Users\Adadu\Downloads\audacity-win-2.1.2.exe
2016-11-08 06:49 - 2016-11-08 06:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-08 06:49 - 2016-11-08 06:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-08 06:49 - 2016-11-08 06:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-08 06:49 - 2016-11-08 06:49 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-29 22:12 - 2016-10-30 05:26 - 00000000 ____D C:\Users\Adadu\AppData\LocalLow\Wulven Game Studios
2016-10-29 22:08 - 2016-10-29 22:10 - 09296352 _____ (Wulven Game Studios ) C:\Users\Adadu\Downloads\ShadowEra.exe
2016-10-26 11:43 - 2016-11-16 08:58 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 11:43 - 2016-11-16 08:58 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-22 08:46 - 2016-07-03 12:12 - 00017615 _____ C:\Users\Adadu\Downloads\FRST.txt
2016-11-22 08:46 - 2016-07-03 12:05 - 00000000 ____D C:\FRST
2016-11-22 08:41 - 2015-07-05 14:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-22 08:33 - 2016-08-24 17:15 - 00000000 ____D C:\Users\Adadu\AppData\Local\MalwareProtectionLive
2016-11-22 08:32 - 2009-07-14 12:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 08:32 - 2009-07-14 12:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-22 08:31 - 2016-05-18 15:15 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-22 08:29 - 2016-08-25 17:33 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\Orbit
2016-11-22 08:29 - 2016-05-18 15:37 - 00000000 ___RD C:\Users\Adadu\Dropbox
2016-11-22 08:28 - 2016-05-18 15:15 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-22 08:28 - 2013-03-10 16:03 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-22 08:27 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-21 18:54 - 2013-03-10 16:03 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-21 18:19 - 2015-12-29 08:21 - 00000000 ____D C:\Users\Adadu\AppData\Local\Battle.net
2016-11-21 16:18 - 2015-12-29 08:18 - 00000000 ____D C:\Program Files\Battle.net
2016-11-21 16:11 - 2013-03-10 16:18 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\vlc
2016-11-20 20:55 - 2016-01-18 15:33 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\CDisplayEx
2016-11-20 12:48 - 2013-03-10 00:37 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-20 06:53 - 2015-12-21 03:58 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\Azureus
2016-11-19 21:38 - 2015-12-21 03:58 - 00000000 ____D C:\Users\Adadu\Documents\Vuze Downloads
2016-11-15 15:33 - 2016-02-28 14:25 - 00000000 ____D C:\Users\Adadu\Desktop\hearthstone
2016-11-12 12:34 - 2016-05-18 15:15 - 00000000 ____D C:\Program Files\Dropbox
2016-11-11 13:50 - 2015-12-29 08:53 - 00000000 ____D C:\Program Files\Hearthstone
2016-11-05 20:46 - 2013-03-10 16:03 - 00000000 ____D C:\Users\Adadu\AppData\Local\Google
2016-10-29 14:13 - 2013-03-10 00:42 - 00717892 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-29 14:13 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-10-28 10:11 - 2009-07-14 12:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-26 11:43 - 2013-03-10 16:03 - 00000000 ____D C:\Program Files\Google
2016-10-26 11:41 - 2013-03-10 16:34 - 00000000 ____D C:\Users\Adadu\AppData\Local\Adobe
2016-10-26 11:41 - 2013-03-10 16:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-26 11:41 - 2013-03-10 16:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-08-07 12:57 - 2016-08-07 21:57 - 0000103 _____ () C:\Users\Adadu\AppData\Roaming\Camdata.ini
2016-08-07 12:57 - 2016-08-07 21:57 - 0000408 _____ () C:\Users\Adadu\AppData\Roaming\CamLayout.ini
2016-08-07 12:57 - 2016-08-07 21:57 - 0000408 _____ () C:\Users\Adadu\AppData\Roaming\CamShapes.ini
2016-08-07 12:57 - 2016-08-07 21:57 - 0004535 _____ () C:\Users\Adadu\AppData\Roaming\CamStudio.cfg
2016-08-07 12:49 - 2016-08-07 21:53 - 0000096 _____ () C:\Users\Adadu\AppData\Roaming\version2.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2009-07-14 07:41] - [2009-09-03 13:51] - 2417664 ____A (Microsoft Corporation) 850AC6E1690E59DF6E6F37D076DD7443
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-11-20 22:10
 
==================== End of FRST.txt ============================
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016 01
Ran by Adadu (22-11-2016 08:46:56)
Running from C:\Users\Adadu\Downloads
Micro$hit MacOS X 7 Ultimate  (X86) (2013-03-09 16:32:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adadu (S-1-5-21-3559194677-4052321422-2392058216-1000 - Administrator - Enabled) => C:\Users\Adadu
Administrator (S-1-5-21-3559194677-4052321422-2392058216-500 - Administrator - Disabled)
Guest (S-1-5-21-3559194677-4052321422-2392058216-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader 9.2 Lite (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AIMP2 (HKLM\...\AIMP2) (Version:  - AIMP DevTeam)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled Deluxe 1.862 (HKLM\...\Bejeweled Deluxe 1.862) (Version:  - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Combo Chaos Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7}) (Version:  - HALFPiNT Games)
Cool Timer 5.1.3.0 (HKLM\...\Cool Timer_is1) (Version:  - Harmony Hollow Software)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.57.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.135 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (Version: 1.5.2.228 - Kaspersky Lab) Hidden
Malware Protection Live (HKLM\...\MalwareProtectionLive) (Version:  - ) <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Professional Edition (HKLM\...\Visual Basic 6.0 Professional Edition) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
mydlink services plugin (HKLM\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
Nero 9 (HKLM\...\{8d2871f6-e558-40bf-81ec-6808343d09bf}) (Version:  - Nero AG)
Orbit Downloader (HKLM\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
PicosmosTools 1.5.1.0 (HKLM\...\PicosmosTools) (Version: 1.5.1.0 - Free Time)
Program4Pc DJ Music Mixer (HKLM\...\{8C6B8ECF-C649-46D9-A8ED-5BE2921F9ECD}) (Version: 5.5 - Program4Pc Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
RKLauncher 0.43 Custom (HKLM\...\{40636246-26E3-4471-894D-B3940117ED36}_is1) (Version:  - ArG, Inc.)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Skype™ 4.1 (HKLM\...\{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}) (Version: 4.1.141 - Skype Technologies S.A.)
SMART BRO (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Y'z Dock 1.01 (HKLM\...\{B96F3609-1472-45CF-93FD-54743FD9FB61}_is1) (Version:  - ArG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3559194677-4052321422-2392058216-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\Adadu\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll (D-Link Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F851277-EB24-46C6-83FD-0965D17D37F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {1DA838E3-584D-420C-A093-D2B38A2EEEB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {4DFA292C-7CE9-4EB6-8CCC-CA58531187C3} - System32\Tasks\{4B6191D7-2F13-490E-BC8D-22FA730F99A9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.18.0.112&LastError=12002
Task: {9310174F-7D9A-44DD-8FC8-24DF051F0663} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-05-18] (Dropbox, Inc.)
Task: {B2210200-6478-40EE-9C9B-BE78008EE12C} - System32\Tasks\{EA3CB214-0F14-4B6A-8444-7AA5A289BE26} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {C38C8589-53D3-421B-A827-D58DF72471AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D9BC0A1A-2CE5-4CC3-A444-1B088E1E4C06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {DD729E4E-C834-4317-9B35-8926144928AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E453FEA1-4524-4504-8DEC-52A9A21BB1B9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-05-18] (Dropbox, Inc.)
Task: {E4CDD6DC-DCE2-422B-8149-BF0866EF9810} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
Task: {E85E5F7F-44D6-4B50-8E81-E623D8C448CA} - System32\Tasks\SafeZone scheduled Autoupdate 1459994645 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {EE690CE0-B132-4195-8433-7D2D9433A79B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Adadu\Music\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-31 08:20 - 2016-08-31 08:20 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-21 18:47 - 2016-11-21 18:47 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16112100\algo.dll
2016-08-31 08:20 - 2016-08-31 08:20 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-04-01 09:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-01 09:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-01 09:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-01 09:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-04-01 09:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-12 10:09 - 2011-01-24 20:29 - 00253264 _____ () C:\Program Files\SMART BRO\AssistantServices.exe
2014-12-12 10:09 - 2011-04-02 10:44 - 00139088 _____ () C:\Program Files\SMART BRO\UIExec.exe
2016-08-02 08:23 - 2016-08-02 08:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-12 12:34 - 2016-10-11 00:29 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-11-12 12:34 - 2016-10-11 00:29 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-12 12:34 - 2016-10-11 00:30 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-11-12 12:34 - 2016-10-11 00:31 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-12 12:34 - 2016-10-11 00:30 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-12 12:34 - 2016-10-11 00:27 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-11-12 12:34 - 2016-11-08 06:59 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-12 12:34 - 2016-11-08 06:59 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 01972528 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00133424 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-12 12:34 - 2016-10-11 00:33 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-11-12 12:34 - 2016-10-11 00:34 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-11-12 12:34 - 2016-11-08 06:59 - 00042808 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00168760 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2016-11-12 02:04 - 2016-11-12 02:04 - 01187360 _____ () C:\Users\Adadu\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe
2016-11-12 01:13 - 2016-11-12 01:13 - 00931872 _____ () C:\Users\Adadu\AppData\Local\MalwareProtectionLive\mplsettings.dll
2016-05-10 21:33 - 2016-05-10 21:33 - 03187712 _____ () C:\Program Files\PicosmosTools\FFImage.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2016-11-16 08:58 - 2016-11-09 04:29 - 01819240 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-16 08:58 - 2016-11-09 04:29 - 00093288 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2016-02-23 09:53 - 00000858 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adadu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RKLauncher.lnk => C:\Windows\pss\RKLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Y'z Dock.lnk => C:\Windows\pss\Y'z Dock.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4B2807DB-1DF1-4BAA-96A5-DC2EAED24D24}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D9C3FBAD-7CDD-400E-8965-754B24CEF9D6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0A554C7A-9475-4C33-875F-CCC7635A253D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{24B9BAF7-AD86-4D8F-B113-5E28E087B653}C:\users\adadu\desktop\warcraft iii\war3.exe] => (Block) C:\users\adadu\desktop\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CA626E8D-4878-48CB-941E-FB15D120AE83}C:\users\adadu\desktop\warcraft iii\war3.exe] => (Block) C:\users\adadu\desktop\warcraft iii\war3.exe
FirewallRules: [{B5AFE642-E302-4C1C-909D-D180CED95C8F}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0F2350B0-17E8-4050-A230-FF297DF7CD58}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{06454344-5098-4587-AD60-8951019278DA}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{858A25EE-52CC-461C-97A8-4552C54AE1AE}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{DB625FA1-7C1B-49D7-864A-5A40369E3D21}] => (Block) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{13CC22F4-031B-4A21-8C97-B347D8251324}] => (Block) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{A718FEF9-AF6F-4E42-87DB-BB56E34C185F}] => (Allow) C:\Program Files\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [{E53BB3C2-AB27-4535-B4DE-837045A226D1}] => (Allow) C:\Program Files\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [TCP Query User{07B86830-B7DB-4F31-848A-DCACA54DCD29}C:\users\adadu\downloads\ffinstonline.exe] => (Allow) C:\users\adadu\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{90470C2F-374E-4CC2-B99D-2C538ACBC796}C:\users\adadu\downloads\ffinstonline.exe] => (Allow) C:\users\adadu\downloads\ffinstonline.exe
FirewallRules: [{C1C49A3E-CC4A-4243-825B-A58E06A25D99}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C0BBD4CA-EFA4-4741-A16E-454B58A78B3D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{2F403EF9-F233-4A4D-8842-95FAFD213FB7}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{903945E7-75D4-44FE-84E3-5553E5D0F9E1}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{44B7A1B7-8FCF-434A-AF7C-CE1BD8BF5E1F}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{9D631472-457A-4455-9F36-FD51B4F7F0D1}] => (Allow) C:\Program Files\PicosmosTools\PTInstOnline.exe
FirewallRules: [{05461AC3-14FD-40CD-81C4-62F0447A9952}] => (Allow) C:\Program Files\Heroes of the Storm\Versions\Base44941\HeroesOfTheStorm.exe
FirewallRules: [{2D5C72E9-B14F-408E-AA5D-C34194BB8B61}] => (Allow) C:\Program Files\Heroes of the Storm\Versions\Base44941\HeroesOfTheStorm.exe
FirewallRules: [{B4F8C68A-F6C0-43FA-8DD4-10962985CE66}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{B6C736A7-39D0-43C7-B1C6-3C332913423D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{8998D199-3775-4E1C-BA3D-843D1C85A82F}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{3B2E8535-B7BF-4DC9-B842-74824ACF8780}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [{1787E0F3-D5FF-41FE-B6D6-81DB782D63B4}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{C7946221-F165-4041-BDBD-569A905E7D4D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{710314D9-F782-4839-9DDE-42E6A3B81AC0}] => (Allow) C:\Program Files\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{8B04FD0F-099F-490B-87D3-0986A4A3E2B2}] => (Allow) C:\Program Files\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{FF5961CE-A6BA-4AC2-9B76-8D2A2565E546}] => (Allow) C:\Program Files\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{EF90C1DA-E8AF-4928-BE2F-3E3E68FA546C}] => (Allow) C:\Program Files\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{236131E6-7121-49D7-B324-603A07825B3E}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{02064B3E-F2FB-4CEF-9FC8-E50EA2CF05F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2EA3C6A-9A90-4B02-8992-68C114BF1A49}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DB16643A-0D08-4D9C-BDC5-E6F26FFA3805}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
The system cannot find message text for message number 0x1069 in the message file for (null).
 
More help is available by typing NET HELPMSG 4201.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 57%
Total physical RAM: 2911.04 MB
Available physical RAM: 1245.23 MB
Total Virtual: 5818.29 MB
Available Virtual: 3949.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:25.09 GB) NTFS
Drive d: (GUARDIANS_OF_THE_GALAXY) (CDROM) (Total:7.13 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C706724C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
aswMBR
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-11-22 08:48:18
-----------------------------
08:48:18.000    OS Version: Windows 6.1.7600 
08:48:18.000    Number of processors: 2 586 0x170A
08:48:18.002    ComputerName: ADADU-PC  UserName: Adadu
08:48:25.127    Initialize success
08:48:25.143    VM: initialized successfully
08:48:25.144    VM: Intel CPU virtualization not supported 
08:48:34.075    AVAST engine defs: 16112100
08:48:49.821    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:48:49.824    Disk 0 Vendor: TOSHIBA_MK2552GSX LV010A Size: 238475MB BusType: 11
08:48:49.839    Disk 0 MBR read successfully
08:48:49.843    Disk 0 MBR scan
08:48:49.872    Disk 0 Windows 7 default MBR code
08:48:49.889    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:48:49.895    Disk 0 Boot: NTFS     code=2
08:48:49.906    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238373 MB offset 206848
08:48:49.912    Disk 0 scanning sectors +488394752
08:48:50.017    Disk 0 scanning C:\Windows\system32\drivers
08:49:03.214    Service scanning
08:49:24.352    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
08:49:31.089    Modules scanning
08:49:31.097    Disk 0 trace - called modules:
08:49:31.112    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855911f8]<<
08:49:31.118    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8642dac8]
08:49:31.126    3 CLASSPNP.SYS[8beab59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862eb030]
08:49:31.134    \Driver\atapi[0x862e6f38] -> IRP_MJ_CREATE -> 0x855911f8
08:49:31.934    AVAST engine scan C:\Windows
08:49:35.259    AVAST engine scan C:\Windows\system32
08:51:58.792    AVAST engine scan C:\Windows\system32\drivers
08:52:09.872    AVAST engine scan C:\Users\Adadu
08:58:25.453    Disk 0 MBR has been saved successfully to "C:\Users\Adadu\Desktop\MBR.dat"
08:58:25.463    The log file has been saved successfully to "C:\Users\Adadu\Desktop\aswMBR.txt"
 
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-11-22 08:59:13
-----------------------------
08:59:13.899    OS Version: Windows 6.1.7600 
08:59:13.899    Number of processors: 2 586 0x170A
08:59:13.902    ComputerName: ADADU-PC  UserName: Adadu
08:59:14.667    Initialize success
08:59:14.896    VM: initialized successfully
08:59:14.899    VM: Intel CPU virtualization not supported 
08:59:22.569    AVAST engine defs: 16112100
08:59:40.038    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:59:40.043    Disk 0 Vendor: TOSHIBA_MK2552GSX LV010A Size: 238475MB BusType: 11
08:59:40.119    Disk 0 MBR read successfully
08:59:40.124    Disk 0 MBR scan
08:59:40.131    Disk 0 Windows 7 default MBR code
08:59:40.147    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
08:59:40.184    Disk 0 Boot: NTFS     code=2
08:59:40.208    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238373 MB offset 206848
08:59:40.243    Disk 0 scanning sectors +488394752
08:59:40.354    Disk 0 scanning C:\Windows\system32\drivers
08:59:49.606    Service scanning
09:00:08.917    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:00:14.758    Modules scanning
09:00:14.769    Disk 0 trace - called modules:
09:00:14.813    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x855911f8]<<
09:00:14.823    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8642dac8]
09:00:14.833    3 CLASSPNP.SYS[8beab59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862eb030]
09:00:14.843    \Driver\atapi[0x862e6f38] -> IRP_MJ_CREATE -> 0x855911f8
09:00:15.434    AVAST engine scan C:\Windows
09:00:19.019    AVAST engine scan C:\Windows\system32
09:02:11.846    AVAST engine scan C:\Windows\system32\drivers
09:02:22.740    AVAST engine scan C:\Users\Adadu
09:15:24.401    AVAST engine scan C:\ProgramData
09:19:54.078    Disk 0 statistics 2737632/0/0 @ 1.30 MB/s
09:19:54.094    Scan finished successfully
09:53:40.231    Disk 0 MBR has been saved successfully to "C:\Users\Adadu\Desktop\MBR.dat"
09:53:40.237    The log file has been saved successfully to "C:\Users\Adadu\Desktop\aswMBR.txt"
 

 




#2 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 23 November 2016 - 08:02 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you kept us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, xxxerotech

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Sorry for the delayed response. May I ask what makes you think you are infected with malware? Are there any symptoms you faced?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE

#3 xxxerotech

xxxerotech

    Authentic Member

  • Authentic Member
  • PipPip
  • 110 posts

Posted 23 November 2016 - 06:51 PM

It's alright, Conspire. Thanks for taking the time. Well, I installed Internet Download Manager to give it a try, and then I uninstalled it from the control panel. After that I can no longer open my Firefox browser. Good thing I have Chrome. So I uninstalled Firefox and installed it again, but it still won't open. I checked the task manager and it's listed in the processes that are running.

 

I hope you could help me out. Thanks!



#4 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 24 November 2016 - 07:55 AM

Hey,

Again, I deeply apologize for the late response. Please run this tool and post the log. Also, please run another round of FRST after the cleanup.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
In your next reply, please post:
  • AdwCleaner log
  • Fresh FRST log

Please STOP and let me know if you have any problems performing the steps above or any questions.

#5 xxxerotech


Posted 26 November 2016 - 02:44 AM

Hi, Conspire! Here are the logs that you requested.

 

AdwCleaner log

 

# AdwCleaner v6.030 - Logfile created 26/11/2016 at 16:21:54
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-25.3 [Server]
# Operating System : Windows 7 Ultimate  (X86)
# Username : Adadu - ADADU-PC
# Running from : C:\Users\Adadu\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Adadu\AppData\Local\MalwareProtectionLive
[-] Folder deleted: C:\Users\Adadu\AppData\Roaming\GrabPro
[-] Folder deleted: C:\Program Files\orbitdownloader
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Adadu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
[-] Key deleted: HKLM\SOFTWARE\Orbit
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
[-] Data restored: HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Key deleted: HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D6A11E6F-EBE6-4811-97BD-E75ECCAC07E2}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D6A11E6F-EBE6-4811-97BD-E75ECCAC07E2}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MalwareProtectionLive]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "keyword.URL" -  "hxxps://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3689 Bytes] - [26/11/2016 16:21:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [781 Bytes] - [03/07/2016 11:55:35]
C:\AdwCleaner\AdwCleaner[S2].txt - [4060 Bytes] - [26/11/2016 16:07:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3907 Bytes] ##########
 

Fresh FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016

Ran by Adadu (administrator) on ADADU-PC (26-11-2016 16:26:59)
Running from C:\Users\Adadu\Downloads
Loaded Profiles: Adadu (Available Profiles: Adadu)
Platform: Micro$hit MacOS X 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\SMART BRO\AssistantServices.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\SMART BRO\UIExec.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Free Time) C:\Program Files\PicosmosTools\PicosmosTools.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [UIExec] => C:\Program Files\SMART BRO\UIExec.exe [139088 2011-04-02] ()
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25673776 2016-11-08] (Dropbox, Inc.)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [Picosmos] => C:\Program Files\PicosmosTools\PicosmosTools.exe [5733960 2016-05-21] (Free Time)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-31] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-07-10]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2016-11-26]
ShortcutTarget: Orbit.lnk -> C:\Program Files\Orbitdownloader\orbitdm.exe (No File)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{A8279C24-18BD-4C66-8A18-90C981C2330E}: [DhcpNameServer] 192.168.254.254 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com
hxxp://go.microsoft.com/fwlink/?LinkId=69157
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Adadu\AppData\Roaming\Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 [2016-11-21]
FF NewTab: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215 -> about:home
FF Extension: (Firefox Hotfix) - C:\Users\Adadu\AppData\Roaming\Mozilla\Firefox\Profiles\9sdpg9pi.default-1450624626215\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF ProfilePath: C:\Users\Adadu\AppData\Roaming\Mozilla\Firefox\Profiles\qababq48.default-1479725842724 [2016-11-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-31]
FF HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-26] ()
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3559194677-4052321422-2392058216-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Adadu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin HKU\S-1-5-21-3559194677-4052321422-2392058216-1000: www.mydlink.com/Uplayer -> C:\Users\Adadu\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll [2015-12-11] (D-Link Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009-12-02] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2009-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2009-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2009-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2009-12-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default [2016-11-26]
CHR Extension: (Google Slides) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-26]
CHR Extension: (Google Docs) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-26]
CHR Extension: (Google Drive) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-26]
CHR Extension: (YouTube) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-26]
CHR Extension: (Avast SafePrice) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-21]
CHR Extension: (Google Sheets) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-01]
CHR Extension: (Avast Online Security) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-26]
CHR Extension: (Gmail) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\Adadu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-31] (AVAST Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-18] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-11-08] (Dropbox, Inc.)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [239880 2016-02-06] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-08-14] (Microsoft Corporation) [File not signed]
R2 UI Assistant Service; C:\Program Files\SMART BRO\AssistantServices.exe [253264 2011-01-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-14] (AVAST Software)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [91784 2014-12-09] (e2eSoft)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-03-10] () [File not signed]
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107776 2011-03-26] (ZTE Incorporated)
U3 ajs0eywu; C:\Windows\system32\Drivers\ajs0eywu.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-26 16:04 - 2016-11-26 16:04 - 03910208 _____ C:\Users\Adadu\Downloads\AdwCleaner.exe
2016-11-22 08:58 - 2016-11-22 09:53 - 00004243 _____ C:\Users\Adadu\Desktop\aswMBR.txt
2016-11-22 08:58 - 2016-11-22 09:53 - 00000512 _____ C:\Users\Adadu\Desktop\MBR.dat
2016-11-22 08:44 - 2016-11-26 16:26 - 01761280 _____ (Farbar) C:\Users\Adadu\Downloads\FRST.exe
2016-11-22 08:43 - 2016-11-22 08:44 - 05198336 _____ (AVAST Software) C:\Users\Adadu\Downloads\aswMBR.exe
2016-11-22 08:40 - 2016-11-22 08:40 - 00243600 _____ C:\Users\Adadu\Downloads\Firefox Setup Stub 50.0 (1).exe
2016-11-22 08:38 - 2016-11-22 08:41 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-22 08:38 - 2016-11-22 08:41 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-22 08:36 - 2016-11-22 08:36 - 00243600 _____ C:\Users\Adadu\Downloads\Firefox Setup Stub 50.0.exe
2016-11-21 18:42 - 2016-11-21 18:53 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\DMCache
2016-11-21 18:42 - 2016-11-21 18:42 - 00000000 ____D C:\Users\Adadu\Downloads\Video
2016-11-21 18:42 - 2016-11-21 18:42 - 00000000 ____D C:\Users\Adadu\Downloads\Compressed
2016-11-21 18:42 - 2016-11-21 18:42 - 00000000 ____D C:\ProgramData\IDM
2016-11-21 18:41 - 2016-11-21 18:41 - 06907464 _____ (Tonec Inc.) C:\Users\Adadu\Downloads\idman626build10.exe
2016-11-21 18:29 - 2016-11-21 18:32 - 00000000 ____D C:\Users\Adadu\AppData\Local\Free Download Manager
2016-11-21 18:27 - 2016-11-21 18:28 - 41797472 _____ (FreeDownloadManager.ORG ) C:\Users\Adadu\Downloads\fdm5_x86_setup.exe
2016-11-20 14:42 - 2016-11-20 14:42 - 00166094 _____ C:\Windows\ntbtlog.txt
2016-11-20 09:33 - 2016-11-20 09:33 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\WinRAR
2016-11-20 09:25 - 2016-11-20 09:25 - 00204042 _____ C:\Users\Adadu\Downloads\3D_CAMERA_TECH_DOWNLOAD_01_folder.zip
2016-11-18 18:05 - 2016-11-21 18:57 - 00000000 ____D C:\Users\Adadu\AppData\LocalLow\Mozilla
2016-11-18 09:18 - 2016-11-23 08:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-12 12:34 - 2016-11-12 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 11:54 - 2016-11-11 12:02 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\Audacity
2016-11-11 11:54 - 2016-11-11 11:54 - 00000000 ____D C:\Users\Adadu\AppData\Local\Audacity
2016-11-11 11:52 - 2016-11-11 11:54 - 00000000 ____D C:\Program Files\Audacity
2016-11-11 11:52 - 2016-11-11 11:52 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-11 11:52 - 2016-11-11 11:52 - 00000969 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-11 11:50 - 2016-11-11 11:51 - 26496761 _____ (Audacity Team ) C:\Users\Adadu\Downloads\audacity-win-2.1.2.exe
2016-11-08 06:49 - 2016-11-08 06:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-08 06:49 - 2016-11-08 06:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-08 06:49 - 2016-11-08 06:49 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-08 06:49 - 2016-11-08 06:49 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-29 22:12 - 2016-10-30 05:26 - 00000000 ____D C:\Users\Adadu\AppData\LocalLow\Wulven Game Studios
2016-10-29 22:08 - 2016-10-29 22:10 - 09296352 _____ (Wulven Game Studios ) C:\Users\Adadu\Downloads\ShadowEra.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-26 16:27 - 2016-07-03 12:12 - 00016533 _____ C:\Users\Adadu\Downloads\FRST.txt
2016-11-26 16:26 - 2016-07-03 12:08 - 00000000 ____D C:\Users\Adadu\Downloads\FRST-OlderVersion
2016-11-26 16:26 - 2016-07-03 12:05 - 00000000 ____D C:\FRST
2016-11-26 16:25 - 2016-05-18 15:37 - 00000000 ___RD C:\Users\Adadu\Dropbox
2016-11-26 16:24 - 2016-05-18 15:15 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-26 16:24 - 2013-03-10 16:03 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-26 16:23 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-26 16:21 - 2016-07-03 11:54 - 00000000 ____D C:\AdwCleaner
2016-11-26 15:55 - 2013-03-10 16:03 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-26 15:31 - 2016-05-18 15:15 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-26 15:16 - 2009-07-14 12:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-26 15:16 - 2009-07-14 12:34 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-26 15:13 - 2016-08-25 17:33 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\Orbit
2016-11-25 19:05 - 2013-03-10 16:18 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\vlc
2016-11-25 18:44 - 2015-12-29 08:21 - 00000000 ____D C:\Users\Adadu\AppData\Local\Battle.net
2016-11-25 18:14 - 2015-12-29 08:18 - 00000000 ____D C:\Program Files\Battle.net
2016-11-24 18:57 - 2013-03-10 00:42 - 00717892 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-24 18:57 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2016-11-23 15:40 - 2015-12-21 03:58 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\Azureus
2016-11-23 15:36 - 2016-01-18 15:33 - 00000000 ____D C:\Users\Adadu\AppData\Roaming\CDisplayEx
2016-11-23 14:51 - 2015-12-21 03:58 - 00000000 ____D C:\Users\Adadu\Documents\Vuze Downloads
2016-11-23 08:23 - 2015-07-05 14:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-22 08:47 - 2016-07-03 12:13 - 00030438 _____ C:\Users\Adadu\Downloads\Addition.txt
2016-11-20 12:48 - 2013-03-10 00:37 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-16 08:58 - 2016-10-26 11:43 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 08:58 - 2016-10-26 11:43 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 15:33 - 2016-02-28 14:25 - 00000000 ____D C:\Users\Adadu\Desktop\hearthstone
2016-11-12 12:34 - 2016-05-18 15:15 - 00000000 ____D C:\Program Files\Dropbox
2016-11-11 13:50 - 2015-12-29 08:53 - 00000000 ____D C:\Program Files\Hearthstone
2016-11-05 20:46 - 2013-03-10 16:03 - 00000000 ____D C:\Users\Adadu\AppData\Local\Google
2016-10-28 10:11 - 2009-07-14 12:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2016-08-07 12:57 - 2016-08-07 21:57 - 0000103 _____ () C:\Users\Adadu\AppData\Roaming\Camdata.ini
2016-08-07 12:57 - 2016-08-07 21:57 - 0000408 _____ () C:\Users\Adadu\AppData\Roaming\CamLayout.ini
2016-08-07 12:57 - 2016-08-07 21:57 - 0000408 _____ () C:\Users\Adadu\AppData\Roaming\CamShapes.ini
2016-08-07 12:57 - 2016-08-07 21:57 - 0004535 _____ () C:\Users\Adadu\AppData\Roaming\CamStudio.cfg
2016-08-07 12:49 - 2016-08-07 21:53 - 0000096 _____ () C:\Users\Adadu\AppData\Roaming\version2.xml
 
Some files in TEMP:
====================
C:\Users\Adadu\AppData\Local\Temp\libeay32.dll
C:\Users\Adadu\AppData\Local\Temp\msvcr120.dll
C:\Users\Adadu\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2009-07-14 07:41] - [2009-09-03 13:51] - 2417664 ____A (Microsoft Corporation) 850AC6E1690E59DF6E6F37D076DD7443
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-11-20 22:10
 
==================== End of FRST.txt ============================

Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by Adadu (26-11-2016 16:28:09)
Running from C:\Users\Adadu\Downloads
Micro$hit MacOS X 7 Ultimate  (X86) (2013-03-09 16:32:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adadu (S-1-5-21-3559194677-4052321422-2392058216-1000 - Administrator - Enabled) => C:\Users\Adadu
Administrator (S-1-5-21-3559194677-4052321422-2392058216-500 - Administrator - Disabled)
Guest (S-1-5-21-3559194677-4052321422-2392058216-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader 9.2 Lite (HKLM\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AIMP2 (HKLM\...\AIMP2) (Version:  - AIMP DevTeam)
Audacity 2.1.2 (HKLM\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled Deluxe 1.862 (HKLM\...\Bejeweled Deluxe 1.862) (Version:  - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Combo Chaos Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7}) (Version:  - HALFPiNT Games)
Cool Timer 5.1.3.0 (HKLM\...\Cool Timer_is1) (Version:  - Harmony Hollow Software)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Dropbox (HKLM\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.57.1 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.9.0.1 (HKLM\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.135 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (Version: 1.5.2.228 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Professional Edition (HKLM\...\Visual Basic 6.0 Professional Edition) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Mozilla Firefox 50.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
mydlink services plugin (HKLM\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation)
Nero 9 (HKLM\...\{8d2871f6-e558-40bf-81ec-6808343d09bf}) (Version:  - Nero AG)
PicosmosTools 1.5.1.0 (HKLM\...\PicosmosTools) (Version: 1.5.1.0 - Free Time)
Program4Pc DJ Music Mixer (HKLM\...\{8C6B8ECF-C649-46D9-A8ED-5BE2921F9ECD}) (Version: 5.5 - Program4Pc Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
RKLauncher 0.43 Custom (HKLM\...\{40636246-26E3-4471-894D-B3940117ED36}_is1) (Version:  - ArG, Inc.)
SafeZone Stable 1.51.2220.62 (Version: 1.51.2220.62 - Avast Software) Hidden
Skype™ 4.1 (HKLM\...\{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}) (Version: 4.1.141 - Skype Technologies S.A.)
SMART BRO (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player 1.0.3 (HKLM\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Y'z Dock 1.01 (HKLM\...\{B96F3609-1472-45CF-93FD-54743FD9FB61}_is1) (Version:  - ArG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3559194677-4052321422-2392058216-1000_Classes\CLSID\{202B524F-841E-5A9D-8D3F-1010FA1A469E}\InprocServer32 -> C:\Users\Adadu\AppData\Roaming\D-Link\mydlink services plugin\1.0.2.7\npUplayer.dll (D-Link Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F851277-EB24-46C6-83FD-0965D17D37F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {1DA838E3-584D-420C-A093-D2B38A2EEEB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {4DFA292C-7CE9-4EB6-8CCC-CA58531187C3} - System32\Tasks\{4B6191D7-2F13-490E-BC8D-22FA730F99A9} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.18.0.112&amp;LastError=12002
Task: {9310174F-7D9A-44DD-8FC8-24DF051F0663} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-05-18] (Dropbox, Inc.)
Task: {B2210200-6478-40EE-9C9B-BE78008EE12C} - System32\Tasks\{EA3CB214-0F14-4B6A-8444-7AA5A289BE26} => Firefox.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {C38C8589-53D3-421B-A827-D58DF72471AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D9BC0A1A-2CE5-4CC3-A444-1B088E1E4C06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {DD729E4E-C834-4317-9B35-8926144928AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E453FEA1-4524-4504-8DEC-52A9A21BB1B9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-05-18] (Dropbox, Inc.)
Task: {E4CDD6DC-DCE2-422B-8149-BF0866EF9810} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
Task: {E85E5F7F-44D6-4B50-8E81-E623D8C448CA} - System32\Tasks\SafeZone scheduled Autoupdate 1459994645 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {EE690CE0-B132-4195-8433-7D2D9433A79B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Adadu\Music\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-31 08:20 - 2016-08-31 08:20 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-26 15:12 - 2016-11-26 15:12 - 03134984 _____ () C:\Program Files\AVAST Software\Avast\defs\16112501\algo.dll
2016-08-31 08:20 - 2016-08-31 08:20 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-04-01 09:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-01 09:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-01 09:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-01 09:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2016-04-01 09:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-12 10:09 - 2011-01-24 20:29 - 00253264 _____ () C:\Program Files\SMART BRO\AssistantServices.exe
2014-12-12 10:09 - 2011-04-02 10:44 - 00139088 _____ () C:\Program Files\SMART BRO\UIExec.exe
2016-08-02 08:23 - 2016-08-02 08:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-12 12:34 - 2016-10-11 00:29 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2016-11-12 12:34 - 2016-10-11 00:29 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-12 12:34 - 2016-10-11 00:30 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 01682760 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00021312 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2016-11-12 12:34 - 2016-10-11 00:31 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00025424 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00246592 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00026456 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-12 12:34 - 2016-10-11 00:30 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2016-11-12 12:34 - 2016-11-08 06:58 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00019776 _____ () C:\Program Files\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00020800 _____ () C:\Program Files\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00022352 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-11-12 12:34 - 2016-10-11 00:27 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2016-11-12 12:34 - 2016-11-08 06:59 - 00084280 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-12 12:34 - 2016-11-08 06:59 - 01826096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-12 12:34 - 2016-10-11 00:29 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00531248 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 03928880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 01972528 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00133424 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00224056 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00020288 _____ () C:\Program Files\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-11-12 12:34 - 2016-10-11 00:33 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2016-11-12 12:34 - 2016-10-11 00:34 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2016-11-12 12:34 - 2016-11-08 06:59 - 00042808 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00168760 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-12 12:34 - 2016-10-11 00:31 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00024904 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-11-12 12:34 - 2016-11-08 06:59 - 00546096 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2016-05-10 21:33 - 2016-05-10 21:33 - 03187712 _____ () C:\Program Files\PicosmosTools\FFImage.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 45077376 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 01650560 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2016-06-02 18:06 - 2016-06-02 18:06 - 00082304 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libegl.dll
2016-11-16 08:58 - 2016-11-09 04:29 - 01819240 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-16 08:58 - 2016-11-09 04:29 - 00093288 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2016-02-23 09:53 - 00000858 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Adadu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RKLauncher.lnk => C:\Windows\pss\RKLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Y'z Dock.lnk => C:\Windows\pss\Y'z Dock.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4B2807DB-1DF1-4BAA-96A5-DC2EAED24D24}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D9C3FBAD-7CDD-400E-8965-754B24CEF9D6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0A554C7A-9475-4C33-875F-CCC7635A253D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{24B9BAF7-AD86-4D8F-B113-5E28E087B653}C:\users\adadu\desktop\warcraft iii\war3.exe] => (Block) C:\users\adadu\desktop\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CA626E8D-4878-48CB-941E-FB15D120AE83}C:\users\adadu\desktop\warcraft iii\war3.exe] => (Block) C:\users\adadu\desktop\warcraft iii\war3.exe
FirewallRules: [{B5AFE642-E302-4C1C-909D-D180CED95C8F}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{0F2350B0-17E8-4050-A230-FF297DF7CD58}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{06454344-5098-4587-AD60-8951019278DA}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{858A25EE-52CC-461C-97A8-4552C54AE1AE}C:\program files\hearthstone\hearthstone.exe] => (Allow) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{DB625FA1-7C1B-49D7-864A-5A40369E3D21}] => (Block) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{13CC22F4-031B-4A21-8C97-B347D8251324}] => (Block) C:\program files\hearthstone\hearthstone.exe
FirewallRules: [{A718FEF9-AF6F-4E42-87DB-BB56E34C185F}] => (Allow) C:\Program Files\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [{E53BB3C2-AB27-4535-B4DE-837045A226D1}] => (Allow) C:\Program Files\StarCraft II\Versions\Base42932\SC2.exe
FirewallRules: [TCP Query User{07B86830-B7DB-4F31-848A-DCACA54DCD29}C:\users\adadu\downloads\ffinstonline.exe] => (Allow) C:\users\adadu\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{90470C2F-374E-4CC2-B99D-2C538ACBC796}C:\users\adadu\downloads\ffinstonline.exe] => (Allow) C:\users\adadu\downloads\ffinstonline.exe
FirewallRules: [{C1C49A3E-CC4A-4243-825B-A58E06A25D99}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{C0BBD4CA-EFA4-4741-A16E-454B58A78B3D}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{2F403EF9-F233-4A4D-8842-95FAFD213FB7}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe
FirewallRules: [{903945E7-75D4-44FE-84E3-5553E5D0F9E1}] => (Allow) C:\Program Files\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{44B7A1B7-8FCF-434A-AF7C-CE1BD8BF5E1F}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{9D631472-457A-4455-9F36-FD51B4F7F0D1}] => (Allow) C:\Program Files\PicosmosTools\PTInstOnline.exe
FirewallRules: [{05461AC3-14FD-40CD-81C4-62F0447A9952}] => (Allow) C:\Program Files\Heroes of the Storm\Versions\Base44941\HeroesOfTheStorm.exe
FirewallRules: [{2D5C72E9-B14F-408E-AA5D-C34194BB8B61}] => (Allow) C:\Program Files\Heroes of the Storm\Versions\Base44941\HeroesOfTheStorm.exe
FirewallRules: [{B4F8C68A-F6C0-43FA-8DD4-10962985CE66}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{B6C736A7-39D0-43C7-B1C6-3C332913423D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{8998D199-3775-4E1C-BA3D-843D1C85A82F}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{3B2E8535-B7BF-4DC9-B842-74824ACF8780}C:\program files\orbitdownloader\orbitnet.exe] => (Allow) C:\program files\orbitdownloader\orbitnet.exe
FirewallRules: [{1787E0F3-D5FF-41FE-B6D6-81DB782D63B4}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{C7946221-F165-4041-BDBD-569A905E7D4D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{710314D9-F782-4839-9DDE-42E6A3B81AC0}] => (Allow) C:\Program Files\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{8B04FD0F-099F-490B-87D3-0986A4A3E2B2}] => (Allow) C:\Program Files\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{FF5961CE-A6BA-4AC2-9B76-8D2A2565E546}] => (Allow) C:\Program Files\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{EF90C1DA-E8AF-4928-BE2F-3E3E68FA546C}] => (Allow) C:\Program Files\StarCraft II\Versions\Base47185\SC2.exe
FirewallRules: [{236131E6-7121-49D7-B324-603A07825B3E}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{02064B3E-F2FB-4CEF-9FC8-E50EA2CF05F4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2EA3C6A-9A90-4B02-8992-68C114BF1A49}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DB16643A-0D08-4D9C-BDC5-E6F26FFA3805}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
The system cannot find message text for message number 0x1069 in the message file for (null).
 
More help is available by typing NET HELPMSG 4201.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 2911.04 MB
Available physical RAM: 1369.93 MB
Total Virtual: 5818.29 MB
Available Virtual: 3939.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:19.49 GB) NTFS
Drive d: (GUARDIANS_OF_THE_GALAXY) (CDROM) (Total:7.13 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C706724C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 Conspire


Posted 26 November 2016 - 03:35 AM

Hi xxxerotech,

Download attached fixlist.txt file and save it to the Desktop.

Attached File  fixlist.txt   544bytes   258 downloads

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image

#7 xxxerotech


Posted 27 November 2016 - 06:42 PM

Hello there! Here is the Fixlog that you requested.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-11-2016
Ran by Adadu (28-11-2016 08:24:22) Run:2
Running from C:\Users\Adadu\Downloads
Loaded Profiles: Adadu (Available Profiles: Adadu)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
U3 ajs0eywu; C:\Windows\system32\Drivers\ajs0eywu.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
FirewallRules: [{B4F8C68A-F6C0-43FA-8DD4-10962985CE66}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{B6C736A7-39D0-43C7-B1C6-3C332913423D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FF HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found
EmptyTemp:
end
*****************
 
ajs0eywu => service not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4F8C68A-F6C0-43FA-8DD4-10962985CE66} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6C736A7-39D0-43C7-B1C6-3C332913423D} => value removed successfully.
HKU\S-1-5-21-3559194677-4052321422-2392058216-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59193488 B
Java, Flash, Steam htmlcache => 24518818 B
Windows/system/drivers => 1701277 B
Edge => 0 B
Chrome => 498559659 B
Firefox => 404657305 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 692 B
LocalService => 0 B
NetworkService => 0 B
Adadu => 132475068 B
 
RecycleBin => 14569352091 B
EmptyTemp: => 14.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:25:35 ====


#8 Conspire


Posted 28 November 2016 - 10:50 PM

Hello,

 

Can you try removing Firefox completely, rebooting, and installing it again?



#9 xxxerotech


Posted 29 November 2016 - 06:30 PM

Please let me get back to you later or tomorrow. My Internet connection is shitty right now. Thanks!



#10 Conspire


Posted 30 November 2016 - 06:26 AM

Thanks for letting me know. :)

#11 xxxerotech


Posted 30 November 2016 - 10:26 AM

Hi, just an update. I just finished removing and then installing Firefox. I still can't open my Firefox browser. Chrome is working just fine and IE but I'd really like to have Firefox back. It's the only thing that will give me peace of mind that my laptop is not infected somehow. Yeah, I know it's a bit dramatic. ^_^

 

What if I just had my laptop formatted? Would that guarantee the removal of any virus/malware from my laptop?



#12 Conspire


Posted 01 December 2016 - 01:36 AM

You could choose to do that. In most cases it would solve a lot of malware problems. Just be sure that you aren't backing up the infected files, especially the executables.



#13 xxxerotech


Posted 01 December 2016 - 07:39 PM

Alright! Thanks for trying to help me out.



#14 Conspire


Posted 02 December 2016 - 07:03 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

