  #16  
Old May 9th, 2019, 11:03 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
Good idea to disable Avast first.

Then either download a new FRST copy, or click the Start button, click Computer, then navigate to the C drive. Then go to Users - Tony - Desktop and copy FRST to the Administrator's desktop from there and run it.


  #17  
Old May 9th, 2019, 07:55 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05.2019
Ran by Tony (administrator) on TONY-PC (Gateway DX4831) (09-05-2019 14:49:49)
Running from C:\Users\Tony\Desktop
Loaded Profiles: Tony & (Available Profiles: Tony & Sonia & Amanda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Acer Incorporated -> Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcatel-Lucent) [File not signed] C:\Program Files\Common Files\Motive\McciCMService.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\Tony\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\Tony\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Tony\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Tony\AppData\Roaming\BitTorrent\updates\7.10.5_44995\bittorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Tony\AppData\Roaming\BitTorrent\updates\7.10.5_44995\bittorrentie.exe
(Cisco Consumer Products LLC -> ) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Fileserve Ltd -> FileServe Limited) C:\Program Files (x86)\FileServe Manager\FSStarter.exe
(Fileserve Ltd -> FileServe Limited) C:\Program Files (x86)\FileServe Manager\FSStarter.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(INTERNET PROJECT LLC -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(INTERNET PROJECT LLC -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Lavasoft Software Canada -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Logitech, Inc. -> ) C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Verizon Internet Solutions -> Verizon) [File not signed] C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (Canon Inc. -> CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG -> Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [68920 2019-01-15] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [FileServe Manager Task] => C:\Program Files (x86)\FileServe Manager\FSStarter.exe [955808 2011-11-03] (Fileserve Ltd -> FileServe Limited)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [203760 2018-05-08] (INTERNET PROJECT LLC -> )
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143903906\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-05-16] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [Adobe CSS5.1 Manager] => C:\Users\Tony\AppData\Local\3c9e4e0a-fb92-404b-9b2d-9259b37d4e52ad\ceeafbbbdbdead.exe
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [RprPlsjv] => :\Windows\system32\config\systemprofile\AppData\Local\jjadbsaf\rprplsjv.ex
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [Amazon Music Helper] => C:\Users\Tony\AppData\Local\Amazon Music\Amazon Music Helper.exe [3981288 2017-12-17] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [Chromium] => c:\users\tony\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Run: [BitTorrent] => C:\Users\Tony\AppData\Roaming\BitTorrent\BitTorrent.exe [1744064 2019-02-01] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Winlogon: [Shell] C:\ProgramData\intermod-42\intermod-5.exe -4,explorer.exe <==== ATTENTION
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\DREAMA~1.SCR [94208 2006-06-09] () [File not signed]
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4113520 2018-05-16] (Tonec Inc. -> Tonec Inc.)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [Adobe CSS5.1 Manager] => C:\Users\Tony\AppData\Local\3c9e4e0a-fb92-404b-9b2d-9259b37d4e52ad\ceeafbbbdbdead.exe
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [RprPlsjv] => :\Windows\system32\config\systemprofile\AppData\Local\jjadbsaf\rprplsjv.ex
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [Amazon Music Helper] => C:\Users\Tony\AppData\Local\Amazon Music\Amazon Music Helper.exe [3981288 2017-12-17] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [Chromium] => c:\users\tony\appdata\local\chromium\application\chrome.exe [828416 2017-01-20] (The Chromium Authors) [File not signed]
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Run: [BitTorrent] => C:\Users\Tony\AppData\Roaming\BitTorrent\BitTorrent.exe [1744064 2019-02-01] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Winlogon: [Shell] C:\ProgramData\intermod-42\intermod-5.exe -4,explorer.exe <==== ATTENTION
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\DREAMA~1.SCR [94208 2006-06-09] () [File not signed]
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [MSVideo] => C:\Windows\system32\vfwwdm32.dll [68096 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-09-21] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [7680 2009-05-20] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {A44F0C5B-7DB2-406D-86BF-C6621C7CF41B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2838920 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
Task: {A7AA6181-712B-4BD8-B0B6-6F4B780344F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {B140D420-C029-4E9A-86C2-15A821603616} - System32\Tasks\Amazon Music Helper => C:\Users\Tony\AppData\Local\Amazon Music\Amazon Music Helper.exe [3981288 2017-12-17] (Amazon Services LLC -> Amazon Services LLC)
Task: {D04DBFE7-7BE1-4DB9-8887-1496EBD8E176} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-05-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {EEFEFA96-33EF-42B5-ABA8-6710CBAEAE1D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2BA3D85A-B270-441E-960B-14D957BF66C4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.start.earthlink.net/
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.start.earthlink.net/
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-3620745168-242742600-4173124476-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904920] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3620745168-242742600-4173124476-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143905342] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-3620745168-242742600-4173124476-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS367
SearchScopes: HKU\S-1-5-21-3620745168-242742600-4173124476-1001 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111015&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS367
SearchScopes: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111015&iesrc={referrer:source}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2018-05-15] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2018-05-15] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}] - C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF Extension: (FileServe Manager) - C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2012-01-23] [Legacy] [not signed]
FF HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tony\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Tony\AppData\Roaming\IDM\idmmzcc5 [2019-05-04] [Legacy] [not signed]
FF HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tony\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3620745168-242742600-4173124476-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Tony\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon Services LLC -> Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Tony\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon Services LLC -> Amazon.com, Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
CHR HKLM-x32\...\Chrome\Extension: [fpgkjhpjldibdbbppfcabadmpfenkdfe] - C:\Program Files (x86)\FileServe Manager\FSChromeAddOn.crx [2011-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2018-05-16]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
U3 COMSysApp; C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
U3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] (Cisco Consumer Products LLC -> )
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [97776 2018-05-08] (INTERNET PROJECT LLC -> Freemake)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon Internet Solutions -> Verizon) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-03-17] (Alcatel-Lucent) [File not signed]
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG -> Nero AG)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG -> Nero AG)
S4 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] (CyberLink -> )
S4 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-29] (SupportSoft, Inc. -> SupportSoft, Inc.)
S4 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-29] (SupportSoft, Inc. -> SupportSoft, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-06-22] (Lavasoft Software Canada -> )
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 LVSrvLauncher; C:\Program Files (x86)\Common Files\Logitech\SrvLnch\SrvLnch.exe [X]
S2 TVersityMediaServer; "C:\Users\Tony\AppData\Local\TVersity\Media Server\MediaServer.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2010-03-18] (SlySoft Inc. -> SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [121280 2010-03-18] (SlySoft Inc. -> SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205608 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [254408 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [196304 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblog.sys [320904 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [58168 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42496 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169104 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88152 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1034640 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [476264 2019-04-13] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [220632 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380160 2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
S3 efavdrv; C:\Windows\system32\drivers\efavdrv.sys [139704 2017-05-28] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12311904 2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [233984 2009-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-05-04] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-05-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-05-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-05-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [104784 2019-05-09] (Malwarebytes Corporation -> Malwarebytes)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 ElbyDelay; System32\Drivers\ElbyDelay.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-09 14:49 - 2019-05-09 14:51 - 000030348 _____ C:\Users\Tony\Desktop\FRST.txt
2019-05-09 14:49 - 2019-05-09 14:49 - 000000000 ____D C:\FRST
2019-05-09 14:47 - 2019-05-09 14:47 - 002430976 _____ (Farbar) C:\Users\Tony\Desktop\FRST64_3.exe
2019-05-09 14:45 - 2019-05-09 14:45 - 000000000 ____D C:\Users\Tony\AppData\LocalLow\BitTorrent
2019-05-09 14:38 - 2019-03-16 13:49 - 000362888 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-05-09 14:37 - 2019-05-09 14:37 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-05-09 14:37 - 2019-05-09 14:37 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-05-09 14:37 - 2019-05-09 14:37 - 000104784 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-05-09 14:37 - 2019-05-09 14:37 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-05-08 22:20 - 2019-05-08 22:22 - 000000000 ____D C:\Users\Tony\Downloads\Video
2019-05-08 22:09 - 2019-05-08 22:09 - 000000000 ____D C:\ArcSoft
2019-05-08 22:07 - 2019-05-08 22:07 - 000005859 _____ C:\Windows\brndlog.txt
2019-05-08 22:07 - 2019-05-08 22:07 - 000000000 ____D C:\Users\Default\AppData\Local\mbamtray
2019-05-08 22:07 - 2019-05-08 22:07 - 000000000 ____D C:\Users\Default User\AppData\Local\mbamtray
2019-05-08 21:55 - 2001-02-19 14:29 - 000672054 _____ C:\Users\Tony\Desktop\Sonia and Pacheco.BMP
2019-05-08 21:55 - 1999-01-03 13:05 - 000705654 _____ C:\Users\Tony\Desktop\Me and Willie.bmp
2019-05-07 20:46 - 2019-05-07 20:53 - 000144072 _____ C:\TDSSKiller.2.8.16.0_07.05.2019_20.46.24_log.txt
2019-05-07 20:45 - 2019-05-07 20:44 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Tony\Desktop\Larry.com
2019-05-07 20:44 - 2019-05-07 20:44 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Tony\Desktop\tdsskiller.exe
2019-05-04 11:05 - 2019-05-04 11:05 - 000146440 _____ C:\Users\Tony\AppData\Local\GDIPFONTCACHEV1.DAT
2019-05-04 09:38 - 2019-05-04 09:38 - 000000000 ____D C:\Users\Tony\AppData\Local\mbamtray
2019-05-04 09:20 - 2019-05-04 09:20 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-04 09:14 - 2019-05-04 09:37 - 000001911 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-04 09:14 - 2019-05-04 09:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-04 09:14 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-04 09:12 - 2019-05-04 09:30 - 000000000 ____D C:\ProgramData\MB3Migration
2019-04-30 20:43 - 2019-04-30 20:43 - 000000820 ____N C:\Users\Amanda\Desktop\HOW_FIX_NOZELESN_FILES.htm
2019-04-29 12:23 - 2019-04-29 12:23 - 000000820 ____N C:\Users\Tony\HOW_FIX_NOZELESN_FILES.htm
2019-04-28 14:41 - 2019-04-28 14:41 - 000000820 ____N C:\Users\Tony\AppData\HOW_FIX_NOZELESN_FILES.htm
2019-04-27 08:29 - 2019-04-27 08:29 - 000000820 ____N C:\ProgramData\HOW_FIX_NOZELESN_FILES.htm
2019-04-25 22:51 - 2019-04-25 22:51 - 000000820 ____N C:\Users\Amanda\Documents\HOW_FIX_NOZELESN_FILES.htm
2019-04-25 22:22 - 2019-04-25 22:22 - 000000820 ____N C:\Users\Amanda\HOW_FIX_NOZELESN_FILES.htm
2019-04-14 23:47 - 2019-04-14 23:47 - 000000820 ____N C:\Users\Amanda\AppData\Local\HOW_FIX_NOZELESN_FILES.htm
2019-04-13 16:10 - 2019-04-13 16:10 - 000000820 ____N C:\Users\Sonia\AppData\Local\HOW_FIX_NOZELESN_FILES.htm
2019-04-13 10:57 - 2019-04-13 10:57 - 000000077 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2019-04-11 15:03 - 2019-04-11 15:04 - 000000000 ____D C:\Users\Tony\Desktop\Jax Pre-Bday 2019
2019-04-11 15:03 - 2019-04-11 15:03 - 000000000 ____D C:\Users\Tony\Desktop\Mary Calvi
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-05-09 14:50 - 2018-07-14 10:02 - 000000000 ____D C:\Users\Tony\AppData\Roaming\BitTorrent
2019-05-09 14:46 - 2009-07-14 00:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-05-09 14:46 - 2009-07-14 00:45 - 000009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-05-09 14:43 - 2009-07-14 01:13 - 000785858 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-09 14:43 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2019-05-09 14:39 - 2019-03-17 08:07 - 000000000 _____ C:\Windows\system32\last.dump
2019-05-09 14:39 - 2018-07-14 09:37 - 000002003 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-05-09 14:39 - 2018-07-14 09:36 - 000003910 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-05-09 14:37 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-08 23:56 - 2013-03-11 18:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\DMCache
2019-05-08 23:55 - 2018-07-14 10:08 - 000000000 ____D C:\Users\Tony\Desktop\TORRENTS
2019-05-08 22:07 - 2011-12-03 13:21 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-05-08 22:05 - 2012-02-21 08:04 - 000000000 ____D C:\Users\Tony\AppData\Local\CrashDumps
2019-05-08 21:59 - 2019-01-29 11:03 - 000000000 ____D C:\Users\Tony\Desktop\BACKUPS
2019-05-08 21:53 - 2010-09-23 17:56 - 000000069 _____ C:\Windows\NeroDigital.ini
2019-05-08 21:49 - 2017-05-28 18:47 - 000041516 _____ C:\Users\Tony\Desktop\Addition.txt
2019-05-07 21:41 - 2010-02-19 10:57 - 000000000 ___RD C:\Users\Sonia\Documents\Sonia's Documents
2019-05-07 21:40 - 2010-02-17 18:42 - 000000000 ____D C:\Users\Sonia
2019-05-07 21:35 - 2010-02-17 10:36 - 000000000 ____D C:\Users\Tony\Documents\Tony's Documents
2019-05-07 20:58 - 2010-02-17 15:16 - 000000000 ____D C:\unzipped
2019-05-07 20:57 - 2010-02-17 15:46 - 000000000 ____D C:\Program Set-up Files
2019-05-07 20:40 - 2009-11-16 06:20 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-06 16:49 - 2013-09-17 00:31 - 000000000 ____D C:\Users\Tony\Desktop\Lightroom Pics
2019-05-06 01:27 - 2010-02-17 11:12 - 000000000 ____D C:\Harmony Stuff
2019-05-06 01:26 - 2010-06-22 06:59 - 000000000 ___RD C:\sys
2019-05-06 01:26 - 2010-02-24 12:53 - 000000000 ____D C:\Temp
2019-05-06 01:22 - 2012-01-30 08:37 - 000000000 ___RD C:\Users\Tony\Dropbox
2019-05-06 01:22 - 2010-02-17 07:16 - 000000000 ____D C:\Users\Tony
2019-05-06 01:21 - 2013-03-11 18:53 - 000000000 ____D C:\Users\Tony\Downloads\Compressed
2019-05-06 00:50 - 2014-07-03 20:03 - 000001041 _____ C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2019-05-06 00:50 - 2010-02-18 07:27 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Vso
2019-05-04 12:01 - 2013-03-11 18:53 - 000000000 ____D C:\Users\Tony\AppData\Roaming\IDM
2019-05-04 11:33 - 2009-07-13 23:20 - 000000000 __RHD C:\Users\Public\Libraries
2019-05-04 11:13 - 2010-06-22 15:45 - 000000000 ____D C:\Users\Tony\AppData\Roaming\PhotoScape
2019-05-04 11:01 - 2016-02-15 15:49 - 000000000 ____D C:\ProgramData\intermod-42
2019-05-04 11:01 - 2013-08-08 12:16 - 000000000 ____D C:\Users\Tony\AppData\Local\blvds-0
2019-05-04 11:01 - 2011-09-05 11:46 - 000000000 ____D C:\ProgramData\prochot-31
2019-05-04 10:59 - 2014-09-23 21:01 - 000000000 ____D C:\Users\Amanda
2019-05-04 10:54 - 2012-04-09 09:45 - 000000000 ____D C:\ProgramData\qo
2019-05-04 10:54 - 2010-02-17 10:35 - 000000000 ____D C:\Users\Tony\Tracing
2019-05-04 10:52 - 2018-08-25 08:49 - 000000000 ____D C:\Users\Amanda\Desktop\College
2019-05-04 10:52 - 2018-08-22 14:18 - 000000000 ___RD C:\Users\Amanda\Documents\Scanned Documents
2019-05-04 10:52 - 2017-12-30 18:48 - 000000000 ____D C:\Users\Tony\AppData\Local\Amazon Music
2019-05-04 10:52 - 2016-12-06 21:11 - 000000000 ____D C:\Users\Sonia\AppData\Local\CrashDumps
2019-05-04 10:52 - 2015-04-02 14:30 - 000000000 ____D C:\Users\Amanda\AppData\Local\CrashDumps
2019-05-04 10:52 - 2014-09-23 21:01 - 000000000 ____D C:\Users\Amanda\AppData\Local\Microsoft Help
2019-05-04 10:52 - 2014-04-09 17:42 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Skype
2019-05-04 10:52 - 2013-08-12 18:57 - 000000000 ____D C:\Users\Tony\AppData\Roaming\FixCleaner
2019-05-04 10:52 - 2013-07-14 09:01 - 000000000 ____D C:\Users\fbwuser
2019-05-04 10:52 - 2013-06-17 19:06 - 000000000 ____D C:\Users\Tony\AppData\Local\ImgBurn
2019-05-04 10:52 - 2012-12-28 07:50 - 000000000 ____D C:\Users\Tony\licenses
2019-05-04 10:52 - 2012-12-28 07:50 - 000000000 ____D C:\Users\Tony\libs
2019-05-04 10:52 - 2012-12-09 22:29 - 000000000 ____D C:\Users\Sonia\AppData\Local\Microsoft Help
2019-05-04 10:52 - 2012-09-22 06:42 - 000000000 ____D C:\Users\Tony\AppData\Local\C580F868-4FD1-4570-8215-69E42F822826.aplzod
2019-05-04 10:52 - 2012-07-04 22:56 - 000000000 ____D C:\Users\Tony\AppData\Roaming\MP3Rocket
2019-05-04 10:52 - 2012-02-17 19:25 - 000000000 ____D C:\Users\Tony\AppData\Local\NPE
2019-05-04 10:52 - 2012-02-05 13:19 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Meda MP3 Joiner 1.2
2019-05-04 10:52 - 2012-01-30 08:31 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Dropbox
2019-05-04 10:52 - 2011-03-28 13:45 - 000000000 ____D C:\Users\Sonia\AppData\Roaming\WinRAR
2019-05-04 10:52 - 2011-02-24 19:08 - 000000000 ____D C:\Users\Sonia\AppData\Roaming\Template
2019-05-04 10:52 - 2010-11-29 14:12 - 000000000 ____D C:\Users\Tony\AppData\Roaming\dvdcss
2019-05-04 10:52 - 2010-11-05 09:40 - 000000000 ____D C:\Users\Tony\AppData\Roaming\Template
2019-05-04 10:52 - 2010-02-24 10:48 - 000000000 ____D C:\Users\Tony\AppData\Roaming\LimeWire
2019-05-04 10:52 - 2010-02-17 18:44 - 000000000 __RSD C:\Users\Sonia\Documents\My Stationery
2019-05-04 10:52 - 2010-02-17 15:34 - 000000000 ____D C:\Users\Tony\AppData\Local\Microsoft Help
2019-05-04 10:52 - 2010-02-17 13:58 - 000000000 ____D C:\Users\Tony\AppData\Local\Apple Computer
2019-05-04 10:52 - 2010-02-17 11:46 - 000000000 ____D C:\Users\Tony\AppData\Roaming\WinRAR
2019-05-04 10:52 - 2010-02-17 11:26 - 000000000 ____D C:\ProgramData\DVD Shrink
2019-05-04 10:52 - 2010-02-17 10:16 - 000000000 ____D C:\Users\Tony\AppData\Local\VirtualStore
2019-05-04 09:35 - 2019-01-14 10:40 - 000000000 __SHD C:\found.002
2019-05-04 09:30 - 2018-06-04 21:43 - 007992013 ___RH C:\Users\Tony\AppData\Local\IconCache.db.nozelesn
2019-05-04 08:28 - 2019-02-11 08:05 - 000000000 __SHD C:\found.003
2019-05-04 08:28 - 2018-06-04 20:03 - 000000000 ____D C:\ProgramData\MB2Migration
2019-05-04 08:28 - 2017-06-01 19:02 - 000000000 ____D C:\AdwCleaner
2019-05-04 08:28 - 2016-08-14 14:27 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2019-05-04 08:28 - 2014-08-22 19:56 - 000000000 __SHD C:\found.000
2019-05-04 08:28 - 2012-09-01 07:08 - 000000000 ____D C:\ProgramData\7531CC770009CBFA02F9370AF875F002
2019-05-04 08:28 - 2012-05-13 16:05 - 000000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2019-05-04 08:28 - 2011-06-18 12:23 - 000000000 ____D C:\ProgramData\mB06504NjDdG06504
2019-05-04 08:28 - 2011-02-18 07:41 - 000000000 ____D C:\ProgramData\pMjIbJb06511
2019-05-04 08:28 - 2010-10-05 22:52 - 000000000 ____D C:\ProgramData\vsosdk
2019-05-04 08:28 - 2009-11-16 06:10 - 000000000 ____D C:\ProgramData\Sonic
2019-05-01 10:19 - 2012-11-16 18:30 - 000000000 ____D C:\ProgramData\density-02
2019-04-28 08:33 - 2011-12-25 13:29 - 000094208 ____H C:\Users\Tony\Desktop\photothumb.db
2019-04-27 14:54 - 2014-09-23 21:05 - 003015920 ___RH C:\Users\Amanda\AppData\Local\IconCache.db.nozelesn
2019-04-13 10:57 - 2018-07-14 09:36 - 000476264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-04-13 10:57 - 2018-07-14 09:36 - 000476264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswddf591bc935c2e73.tmp
2019-04-11 14:25 - 2017-08-02 08:50 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories =======
2010-02-18 07:27 - 2010-04-10 06:34 - 000093696 _____ () C:\Users\Tony\AppData\Roaming\ezpinst.exe
2019-04-08 15:47 - 2019-04-08 15:47 - 000000820 ____N () C:\Users\Tony\AppData\Roaming\HOW_FIX_NOZELESN_FILES.htm
2010-02-18 07:27 - 2010-10-05 17:38 - 000008780 ____R () C:\Users\Tony\AppData\Roaming\pcouffin.cat.nozelesn
2010-02-18 07:27 - 2010-10-05 17:38 - 000001858 ____R () C:\Users\Tony\AppData\Roaming\pcouffin.inf.nozelesn
2010-02-18 07:27 - 2010-10-05 17:38 - 000000034 _____ () C:\Users\Tony\AppData\Roaming\pcouffin.log
2010-02-18 07:27 - 2010-10-05 17:38 - 000083793 ____R () C:\Users\Tony\AppData\Roaming\pcouffin.sys.nozelesn
2012-12-24 08:22 - 2012-12-24 08:22 - 000019026 ____R () C:\Users\Tony\AppData\Roaming\sound.mp3.nozelesn
2014-07-03 20:03 - 2019-05-06 00:50 - 000001041 _____ () C:\Users\Tony\AppData\Roaming\vso_ts_preview.xml
2010-11-05 09:40 - 2017-05-29 10:55 - 000001482 ____R () C:\Users\Tony\AppData\Roaming\wklnhst.dat.nozelesn
2011-12-22 19:55 - 2015-02-01 15:12 - 000141369 ____R () C:\Users\Tony\AppData\Local\ars.cache.nozelesn
2011-12-22 19:55 - 2015-02-01 15:12 - 000317781 ____R () C:\Users\Tony\AppData\Local\census.cache.nozelesn
2018-10-08 12:58 - 2018-10-08 12:58 - 000003584 _____ () C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-03 08:02 - 2011-02-03 08:02 - 000000000 _____ () C:\Users\Tony\AppData\Local\Enuvo.bin
2019-03-24 01:03 - 2019-03-24 01:03 - 000000820 ____N () C:\Users\Tony\AppData\Local\HOW_FIX_NOZELESN_FILES.htm
2017-05-25 10:40 - 2017-06-20 09:47 - 000000000 _____ () C:\Users\Tony\AppData\Local\hparuwvr.log
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-05-06 13:19
==================== End of FRST.txt ============================
  #18  
Old May 9th, 2019, 07:58 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by Tony (09-05-2019 14:51:30)
Running from C:\Users\Tony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-02-17 11:15:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3620745168-242742600-4173124476-500 - Administrator - Enabled)
Amanda (S-1-5-21-3620745168-242742600-4173124476-1004 - Limited - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-3620745168-242742600-4173124476-501 - Limited - Enabled)
Sonia (S-1-5-21-3620745168-242742600-4173124476-1003 - Limited - Enabled) => C:\Users\Sonia
Tony (S-1-5-21-3620745168-242742600-4173124476-1001 - Administrator - Enabled) => C:\Users\Tony
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20099 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Amazon Amazon Music) (Version: 6.2.0.1220 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Amazon Amazon Music) (Version: 6.2.0.1220 - Amazon Services LLC)
ANT Drivers Installer x64 (HKLM\...\{431CE782-4C51-4996-B36F-5D98D5527538}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{B4BD4DFB-0A22-43EC-A2D4-BF515E9A546F}) (Version: 6.0.0.172 - ArcSoft)
ArcSoft PhotoStudio 6 (HKLM-x32\...\{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}) (Version: 6.0.1.134 - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BitTorrent (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\BitTorrent) (Version: 7.10.5.44995 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon CanoScan LiDE 700F User Registration (HKLM-x32\...\Canon CanoScan LiDE 700F User Registration) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon MG6800 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6800_series) (Version: 1.00 - Canon Inc.)
Canon MG6800 series On-screen Manual (HKLM-x32\...\Canon MG6800 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG6800 series User Registration (HKLM-x32\...\Canon MG6800 series User Registration) (Version: - *Canon Inc.)
Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601) (Version: - )
Cheetah CD Burner (HKLM-x32\...\{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertXtoDVD 4.0.9.322 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2013 - CyberLink Corp.)
Dream Aquarium (HKLM-x32\...\DreamAqua) (Version: - )
Dropbox (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDFab HD Decrypter 3.2.1.0 (HKLM-x32\...\DVDFab HD Decrypter_is1) (Version: - Fengtao Software Inc.)
DVDFab Platinum 3.2.1.0 Ghosthunter release (HKLM-x32\...\DVDFab Platinum_is1) (Version: - )
Elevated Installer (HKLM-x32\...\{7E73C9A3-24D9-4D7F-B4C7-7E4AFE0ADCCB}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fast AVI MPEG Joiner 1.1.2 (HKLM-x32\...\Fast AVI MPEG Joiner_is1) (Version: - Allok Soft Inc.)
FileServe Manager 1.0.0.3510 (HKLM-x32\...\{5A07D8BC-C982-43B3-B24F-6FD8D6E89F02}_is1) (Version: - FileServe Limited)
Fish Aquarium 3D Screensaver 1.0 (HKLM-x32\...\Fish Aquarium 3D Screensaver_is1) (Version: - )
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Freemake Video Converter version 4.1.10.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.1 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9FB8EC5B-03EE-463E-8F4F-84B525B986B7}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{1D91CBB5-4CB1-4757-B0FD-2122AF8AAB9E}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
IHA_MessageCenter (HKLM-x32\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon)
ImTOO Audio Maker (HKLM-x32\...\ImTOO Audio Maker) (Version: 3.0.45.0321 - ImTOO)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version: - )
IspAssistant-FileServe (HKLM-x32\...\IspAssistant-FileServe) (Version: - )
iTunes (HKLM\...\{D9D08A8F-5A03-486A-AD4D-3A438D521F8B}) (Version: 12.9.3.3 - Apple Inc.)
Java(TM) 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Meda MP3 Joiner 1.2 (HKLM-x32\...\Meda MP3 Joiner_is1) (Version: - MedaFan Technology)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Movie DVD Maker 2.12 (HKLM-x32\...\AnvSoft Movie DVD Maker_is1) (Version: - AnvSoft, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)
MyHarmony (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nero 8 (HKLM-x32\...\{BE282C23-5484-47FF-B2C1-EBEA5C891033}) (Version: 8.3.31 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
Online Video Converter version 1.1.0 (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\{628BF902-EB66-4BDB-97CB-AE4AAAAA5A7F}_is1) (Version: 1.1.0 - APOWERSOFT LIMITED)
Online Video Converter version 1.1.0 (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\{628BF902-EB66-4BDB-97CB-AE4AAAAA5A7F}_is1) (Version: 1.1.0 - APOWERSOFT LIMITED)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PhotoSync (HKLM\...\PhotoSync) (Version: 3.3.6 - touchbyte GmbH)
PRODUCT_NAME (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RapidShare Manager (HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\5f48e2ab41c5d005) (Version: 0.1.0.257 - RapidShare AG)
RapidShare Manager (HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\5f48e2ab41c5d005) (Version: 0.1.0.257 - RapidShare AG)
RapidShare Manager 2 (HKLM-x32\...\6103-4188-8184-5707) (Version: 2 - RapidShare AG)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SereneScreen Marine Aquarium 2.6 (HKLM-x32\...\SereneScreen Marine Aquarium 2.6_is1) (Version: 2.6 - Prolific Publishing, Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc) Hidden
SureThing CD Labeler Deluxe 4 (HKLM-x32\...\MVApplication1) (Version: - )
Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Verizon Download Manager (HKLM-x32\...\{8C0B406B-DF08-49EF-8702-FA45752C135F}) (Version: 9 - SupportSoft)
Verizon FiOS Activation (HKLM-x32\...\Verizon FiOS Activation_is1) (Version: - Verizon)
Videora iPad Converter 6 (HKLM-x32\...\Videora iPad Converter) (Version: 6 - Red Kawa)
Videora iPod Converter 6 (HKLM-x32\...\Videora iPod Converter) (Version: 6 - Red Kawa)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.97.0 - Verizon)
Web Companion (HKLM-x32\...\{c7b25213-3c21-4ac3-99c0-4f40b3fb0ba3}) (Version: 2.4.1558.3001 - Lavasoft)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 6.0.6000.16386 (HKLM-x32\...\{67711EE7-BC7C-4FF1-BBC1-733C38D93F7E}_is1) (Version: - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Wondershare Photo Recovery (build 3.1.0) (HKLM-x32\...\Wondershare Photo Recovery_is1) (Version: - Wondershare Co., Ltd.)
YASA VOB to MPEG Converter v3.2 (build 036) (HKLM-x32\...\YASA VOB to MPEG Converter v3.2 (build 036)) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3620745168-242742600-4173124476-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox -> Dropbox, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2008-02-28] (Nero AG -> Nero AG)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2013-10-31] (Apple Inc. -> )
ContextMenuHandlers1: [PhotoSyncShellExtension] -> {cd400ee5-8d91-38f2-b2e2-e82242b6d328} => C:\Program Files\PhotoSync\PhotoSyncShellExtension.DLL [2019-01-17] (touchbyte GmbH) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [PhotoSyncShellExtension] -> {cd400ee5-8d91-38f2-b2e2-e82242b6d328} => C:\Program Files\PhotoSync\PhotoSyncShellExtension.DLL [2019-01-17] (touchbyte GmbH) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3620745168-242742600-4173124476-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-3620745168-242742600-4173124476-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-3620745168-242742600-4173124476-1001: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox -> Dropbox, Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2011-06-19 11:27 - 2015-01-27 13:34 - 000049152 _____ ( ) [File not signed] C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Interop.IWshRuntimeLibrary.dll
2010-07-01 02:56 - 2015-01-27 13:34 - 000007168 _____ ( ) [File not signed] C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Interop.NATUPNPLib.dll
2010-07-01 02:56 - 2015-01-27 13:34 - 000012288 _____ ( ) [File not signed] C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Interop.NetFwTypeLib.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 000258048 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 004317184 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 000258048 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 001199104 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 000642048 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 000511488 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2011-05-06 13:02 - 2011-05-06 13:02 - 000737280 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 002248704 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 008351744 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 000983040 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 011853824 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 000364544 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 000258048 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2011-05-06 12:58 - 2011-05-06 12:58 - 001085440 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2010-05-17 09:47 - 2010-05-17 09:47 - 000110592 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 001199104 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 000642048 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 000175616 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 000291840 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 000511488 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 002248704 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 000983040 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2006-06-09 02:34 - 2006-06-09 02:34 - 000094208 _____ () [File not signed] C:\Windows\DREAMA~1.SCR
2010-12-18 12:22 - 2010-03-17 08:16 - 000517632 _____ (Alcatel-Lucent) [File not signed] C:\Program Files\Common Files\Motive\McciCMService.exe
2009-12-28 02:03 - 2009-09-30 22:48 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2016-08-14 15:44 - 2015-03-17 05:21 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2018-11-01 20:32 - 2018-11-01 20:32 - 001367040 _____ (Dave Kerr) [File not signed] C:\Program Files\PhotoSync\SharpShell.dll
2009-12-28 01:57 - 2009-10-13 15:24 - 000118784 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
2009-12-28 01:57 - 2009-10-13 15:17 - 000208896 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
2009-12-28 02:03 - 2009-09-30 23:33 - 000262144 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2009-12-28 02:03 - 2009-09-30 22:48 - 000077824 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\DTMessageLib.dll
2009-12-28 02:03 - 2009-09-30 22:45 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2009-12-28 02:03 - 2009-09-30 23:34 - 002314240 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2011-06-27 17:51 - 2011-06-27 17:51 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2011-06-27 17:51 - 2011-06-27 17:51 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2011-06-27 17:52 - 2011-06-27 17:52 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2010-06-10 21:56 - 2015-01-27 13:34 - 000270336 _____ (The Apache Software Foundation) [File not signed] C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\log4net.dll
2010-05-10 14:56 - 2010-05-10 14:56 - 001044480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\LIBEAY32.dll
2010-05-10 14:56 - 2010-05-10 14:56 - 000200704 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Flip Video\FlipShareServer\SSLEAY32.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-06-04 20:04 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-06-04 20:04 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2018-09-08 10:31 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-09-08 10:31 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2019-05-04 09:13 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2018-08-18 10:21 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-01-17 06:06 - 2019-01-17 06:06 - 000011264 _____ (touchbyte GmbH) [File not signed] C:\Program Files\PhotoSync\PhotoSyncShellExtension.dll
2010-10-13 18:06 - 2015-01-27 13:34 - 000363128 _____ (Verizon Internet Solutions -> Verizon) [File not signed] C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3620745168-242742600-4173124476-1001\...\webcompanion.com -> hxxp://webcompanion.com
There are 4790 more sites.
  #19  
Old May 9th, 2019, 07:59 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
IE trusted site: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\webcompanion.com -> hxxp://webcompanion.com
There are 4790 more sites.

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2019-01-09 16:03 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3620745168-242742600-4173124476-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\Control Panel\Desktop\\Wallpaper -> C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 2
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: PLFlash DeviceIoControl Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: sprtsvc_verizondm => 2
MSCONFIG\Services: tgsrvc_verizondm => 2
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rprplsjv.exe => C:\Windows\pss\rprplsjv.exe.Startup
MSCONFIG\startupreg: AnyDVD => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: dplaysvr => C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
MSCONFIG\startupreg: hp Update 2100C => C:\sj644\hpupdate.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RprPlsjv => :\Windows\system32\config\systemprofile\AppData\Local\jjadbsaf\rprplsjv.ex
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: VERIZONDM => "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{28186D92-EAEE-4D0C-A8E3-3029FE428AB3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{17B5B88A-942A-436B-B98B-7369A120746E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6959B40-01F0-451C-9034-6E49AA98C183}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A3687B60-C676-411D-AAC7-62685198B203}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe No File
FirewallRules: [UDP Query User{4D069E86-1EEC-4591-B502-B0A46AE771D1}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe No File
FirewallRules: [{BA8538F2-EDEA-490C-9A36-09B5717A9053}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE No File
FirewallRules: [{71CA420D-DC93-477D-B091-55828021C3F8}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe No File
FirewallRules: [{64C0A5EB-C03A-429F-89EE-9FD0628BAE33}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe No File
FirewallRules: [{0C1EC3F2-7C7C-464C-9956-14E275B051B2}] => (Allow) C:\Users\Tony\AppData\Local\TVersity\Media Server\MediaServer.exe No File
FirewallRules: [{FB07057C-1209-4A94-82A5-07F0A0D3190F}] => (Allow) C:\Users\Tony\AppData\Local\TVersity\Media Server\MediaServer.exe No File
FirewallRules: [TCP Query User{3992749A-9D60-46B9-A2AF-8753CE72DBF2}K:\techwizard.exe] => (Allow) K:\techwizard.exe No File
FirewallRules: [UDP Query User{28B397FE-7373-4287-9106-73F70D12BE8E}K:\techwizard.exe] => (Allow) K:\techwizard.exe No File
FirewallRules: [TCP Query User{F0F43740-39AE-4FA7-A020-C53E335A6F0E}C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox -> Dropbox, Inc.)
FirewallRules: [UDP Query User{877298EE-9066-4B3B-B867-783CB7C7435F}C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tony\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox -> Dropbox, Inc.)
FirewallRules: [TCP Query User{99D39DB8-E987-43BC-B10A-FE013108B642}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{53D7EE24-AC7B-4E8B-B863-82262927A29D}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{3FFCD736-D7D0-4046-BDA1-623028358D47}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{88D0313F-4575-4863-B9DB-67AB5BDAA670}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2A526309-5E1B-4EA8-AEB9-6AA1A99AA552}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E30515F5-DCE4-469A-B11A-EDB13E7E5FA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1984A6E5-3243-4714-ACD6-70867D3D64C5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{007CE6BB-79E0-422D-ACB5-6186D013502A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
==================== Restore Points =========================
04-05-2019 12:15:03 Configured Microsoft Office Enterprise 2007
05-05-2019 23:49:02 Configured Microsoft Office Enterprise 2007
06-05-2019 01:04:55 Configured Microsoft Office Enterprise 2007
06-05-2019 01:06:33 Configured Microsoft Office Enterprise 2007
06-05-2019 01:16:12 Configured Microsoft Office Enterprise 2007
06-05-2019 11:58:06 Configured Microsoft Office Enterprise 2007
06-05-2019 17:42:53 Installed Microsoft Office Word MUI (English) 2010
07-05-2019 21:11:41 Configured Microsoft Office Enterprise 2007
07-05-2019 21:14:06 Configured Microsoft Office Enterprise 2007
07-05-2019 21:33:05 Configured Microsoft Office Enterprise 2007
07-05-2019 21:37:20 Configured Microsoft Office Enterprise 2007
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/09/2019 02:45:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Tony\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 58.0.2988.0,language="*",type="win32",version="58.0.2988.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/09/2019 02:41:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Tony-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - The system cannot find the file specified.
Error: (05/09/2019 02:41:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tony-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (05/09/2019 02:41:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Tony-PC)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - The system cannot find the file specified.
Error: (05/09/2019 02:41:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Tony-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (05/09/2019 02:37:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarminService.exe, version: 4.2.0.7, time stamp: 0x55258670
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23915, time stamp: 0x59b94abb
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x4c4
Faulting application start time: 0x01d5069637ec30ce
Faulting application path: C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 7eddd084-7289-11e9-810a-90fba62e0567
Error: (05/09/2019 02:37:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GarminService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Garmin.Omt.Service.Program.Run()
at Garmin.Omt.Service.Program.Main(System.String[])
Error: (05/08/2019 10:43:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18838 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 15ec
Start Time: 01d5060ed062b2bd
Termination Time: 25
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

System errors:
=============
Error: (05/09/2019 02:46:48 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Error: (05/09/2019 02:43:05 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Error: (05/09/2019 02:40:32 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (05/09/2019 02:40:32 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
Error: (05/09/2019 02:40:32 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Error: (05/09/2019 02:39:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 4 time(s).
Error: (05/09/2019 02:39:26 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
Error: (05/09/2019 02:39:21 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume3.

Windows Defender:
===================================
Date: 2014-10-13 05:38:25.099
Description:
Windows Defender scan has encountered an error and terminated.
Scan ID:{8B820D4F-304A-467A-88D6-FCF8793EE09C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Error Code:0x8050800d
Error description:Some history items could not be displayed. Please wait a few minutes and try again. If that doesn't work, clear the history and then try again.
CodeIntegrity:
===================================
Date: 2014-04-21 20:13:52.032
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-21 20:13:52.016
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-21 20:13:52.001
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-04-21 20:13:51.985
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-19 15:50:22.106
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-19 15:50:22.090
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-19 15:50:22.075
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-19 15:50:22.059
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. P01-A0 11/17/2009
Motherboard: Gateway H57M01
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 71%
Total physical RAM: 6007.09 MB
Available physical RAM: 1706.99 MB
Total Virtual: 12012.37 MB
Available Virtual: 7556.23 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:919.41 GB) (Free:218.83 GB) NTFS
Drive f: (Elements) (Fixed) (Total:1862.98 GB) (Free:1768.11 GB) NTFS
\\?\Volume{d851e880-f374-11de-8d84-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{d851e87f-f374-11de-8d84-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:12 GB) (Free:4.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 94462B7A)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt ============================
  #20  
Old May 9th, 2019, 11:21 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
Excellent. Good job. I'll have to weed through that and see what's wrong. I took a quick look at it and so far don't see anything wrong.
  #21  
Old May 10th, 2019, 12:19 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
Yes, I now see the malware startup, but no file. Did you run a scan with Malwarebytes? Actually, post back on what scans you have run so far.

---------------------------

Uninstall Web Companion. It's a home page and search hijacker.

---------------------

Go to Start Search, type notepad.exe in the Start Search box, then press Enter.

In the open Notepad box, copy and paste the following (inside the Code box), and save it to the same location FRST is as fixlist.txt (which appears to be Tony\Desktop):


Code:
Start
HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\Winlogon: [Shell] C:\ProgramData\intermod-42\intermod-5.exe -4,explorer.exe <==== ATTENTION
URLSearchHook: [S-1-5-21-3620745168-242742600-4173124476-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904920] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3620745168-242742600-4173124476-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143905342] ATTENTION => Default URLSearchHook is missing
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-06-22] (Lavasoft Software Canada -> )
2019-04-30 20:43 - 2019-04-30 20:43 - 000000820 ____N C:\Users\Amanda\Desktop\HOW_FIX_NOZELESN_FILES.htm
2019-04-29 12:23 - 2019-04-29 12:23 - 000000820 ____N C:\Users\Tony\HOW_FIX_NOZELESN_FILES.htm
2019-04-28 14:41 - 2019-04-28 14:41 - 000000820 ____N C:\Users\Tony\AppData\HOW_FIX_NOZELESN_FILES.htm
2019-04-27 08:29 - 2019-04-27 08:29 - 000000820 ____N C:\ProgramData\HOW_FIX_NOZELESN_FILES.htm
2019-04-25 22:51 - 2019-04-25 22:51 - 000000820 ____N C:\Users\Amanda\Documents\HOW_FIX_NOZELESN_FILES.htm
2019-04-25 22:22 - 2019-04-25 22:22 - 000000820 ____N C:\Users\Amanda\HOW_FIX_NOZELESN_FILES.htm
2019-04-14 23:47 - 2019-04-14 23:47 - 000000820 ____N C:\Users\Amanda\AppData\Local\HOW_FIX_NOZELESN_FILES.htm
2019-04-13 16:10 - 2019-04-13 16:10 - 000000820 ____N C:\Users\Sonia\AppData\Local\HOW_FIX_NOZELESN_FILES.htm
2019-04-08 15:47 - 2019-04-08 15:47 - 000000820 ____N () C:\Users\Tony\AppData\Roaming\HOW_FIX_NOZELESN_FILES.htm
IE trusted site: HKU\S-1-5-21-3620745168-242742600-4173124476-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05092019143904016\...\webcompanion.com -> hxxp://webcompanion.com
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^rprplsjv.exe => C:\Windows\pss\rprplsjv.exe.Startup
MSCONFIG\startupreg: RprPlsjv => :\Windows\system32\config\systemprofile\AppData\Local\jjadbsaf\rprplsjv.ex
End

Run FRST again, and click the Fix button. Once the repairs have completed a log will open - post that back here please.

----------------
  #22  
Old May 10th, 2019, 12:55 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
Of course I will refer you to reading the info here. Some of the web info on this infection indicates it often comes with a malware-hacked torrent download.

You can try right clicking on one of the infected files, and selecting "Restore previous versions", but usually the malware deletes the "shadow copy" as well.


I would also like to check one of the files from your Tony Documents folder. Select a small file that has been encrypted by the malware, zip a copy of it (to avoid email malware detection chances), and send it to the email address I will send you in a PM.
  #23  
Old May 11th, 2019, 02:59 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
Hi Jintan, I am unable to run the Farbar Recovery Tool again due to me getting the “there is no disk in the drive” prompt again. It stops at that point and I can’t continue. I also had deleted all “Tony’s Documents” infected files and mostly all the infected files when you told me there probably was no way to recover them. I did try “restore previous version” on music files that had the same malware extension but it gave no option to recover. I DID run a Malwarebytes scan when I initially noticed the malware had infected my computer. It quarantined about 25 infected files. I do notice that everything I’ve replaced through backups is fine and all the files I originally had on my desktop before the malware had not been affected. Should I try running another Malwarebytes scan?
  #24  
Old May 11th, 2019, 04:25 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
Hi, this is a scan report of the first scan I did when I first noticed the infection and before I even posted my issue on Cybertechhelp:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 5/4/19
Scan Time: 9:40 AM
Log File: 34a2111a-6e72-11e9-bd4a-90fba62e0567.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.10464
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tony-PC\Tony
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 448183
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 1 hr, 4 min, 47 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 1
MachineLearning/Anomalous.96%, HKU\S-1-5-21-3620745168-242742600-4173124476-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN |prochot-6, Quarantined, [0], [392687],1.0.10464
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 2
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\WINDOWS\TEMP\APN-STUB, Quarantined, [3621], [181296],1.0.10464
File: 22
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Msi1ef49b4d-45d5-4fb1-827c-8c514dac1e59.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Msi338e3fe4-28a8-46a9-a98e-220822514cc6.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Msi787bc6f6-44e9-4fbb-9e2c-51e0b0f2def5.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Msi96489917-edc1-4025-bd6a-a1a4ba7f44a4.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Stb1ef49b4d-45d5-4fb1-827c-8c514dac1e59.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Stb338e3fe4-28a8-46a9-a98e-220822514cc6.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Stb787bc6f6-44e9-4fbb-9e2c-51e0b0f2def5.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Stb96489917-edc1-4025-bd6a-a1a4ba7f44a4.log, Quarantined, [3621], [181296],1.0.10464
PUP.Optional.ASK.Gen, C:\Windows\temp\APN-Stub\MP3RV7\Stbbb1130ed-3666-416d-bbbb-c59eeebbf439.log, Quarantined, [3621], [181296],1.0.10464
MachineLearning/Anomalous.96%, C:\PROGRAMDATA\INTERMOD-42\INTERMOD-5.EXE, Quarantined, [0], [392687],1.0.10464
MachineLearning/Anomalous.96%, C:\PROGRAMDATA\PROCHOT-31\PROCHOT-6.EXE, Quarantined, [0], [392687],1.0.10464
Trojan.Downloader, C:\USERS\TONY\APPDATA\LOCAL\TEMP\24AF.TMP, Quarantined, [517], [674845],1.0.10464
MachineLearning/Anomalous.95%, C:\USERS\TONY\APPDATA\LOCAL\TEMP\9645.TMP, Quarantined, [0], [392687],1.0.10464
Generic.Malware/Suspicious, C:\USERS\TONY\APPDATA\LOCAL\TEMP\BB3.TMP, Quarantined, [0], [392686],1.0.10464
MachineLearning/Anomalous.100%, C:\USERS\TONY\APPDATA\LOCAL\TEMP\DF08.TMP, Quarantined, [0], [392687],1.0.10464
Trojan.Nymaim, C:\USERS\TONY\APPDATA\LOCAL\TEMP\1CF2.TMP, Quarantined, [577], [677313],1.0.10464
Trojan.Nymaim, C:\USERS\TONY\APPDATA\LOCAL\TEMP\A3FC.TMP, Quarantined, [577], [672170],1.0.10464
Generic.Malware/Suspicious, C:\USERS\TONY\APPDATA\LOCAL\TEMP\91C3.TMP, Quarantined, [0], [392686],1.0.10464
MachineLearning/Anomalous.96%, C:\USERS\TONY\APPDATA\LOCAL\TEMP\5CAF.TMP, Quarantined, [0], [392687],1.0.10464
Trojan.Nymaim, C:\USERS\TONY\APPDATA\LOCAL\TEMP\E197.TMP, Quarantined, [577], [677309],1.0.10464
MachineLearning/Anomalous.100%, C:\USERS\TONY\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\blvds-6.lnk, Quarantined, [0], [392687],1.0.10464
MachineLearning/Anomalous.100%, C:\USERS\TONY\APPDATA\LOCAL\BLVDS-0\BLVDS-8.EXE, Quarantined, [0], [392687],1.0.10464
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)
  #25  
Old May 11th, 2019, 04:26 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
AND this is the scan results from today.

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 5/11/19
Scan Time: 10:12 AM
Log File: c71f4a38-73f6-11e9-9244-90fba62e0567.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10558
License: Trial
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tony-PC\Tony
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 455553
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 hr, 3 min, 4 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
Trojan.Nymaim, C:\USERS\TONY\APPDATA\LOCAL\TEMP\C199.TMP, Quarantined, [579], [679843],1.0.10558
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)
  #26  
Old May 11th, 2019, 09:46 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
That error with FRST sure suggests there is something else afoot there, though the TDSSKiller log didn't show it.


Why not download and run RogueKiller from here. I am not up to date on its procedures, but have it clean everything it finds, and try to produce a log file from it and post it here please.
  #27  
Old May 12th, 2019, 06:50 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
RogueKiller Anti-Malware V13.1.10.0 (x64) [Apr 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Tony [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190423_114402, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/05/12 13:46:26 (Duration : 01:33:36)
Switches : -refid 3
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.BestBuy (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Best Buy -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\SereneScreen -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Software\csastats -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Software\ProductSetup -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Software\SereneScreen -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Software\Microsoft\Windows\CurrentVersion\Run |Adobe CSS5.1 Manager -- [%localappdata%\3c9e4e0a-fb92-404b-9b2d-9259b37d4e52ad\ceeafbbbdbdead.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Software\Microsoft\Windows\CurrentVersion\Run |RprPlsjv -- [:\Windows\system32\config\systemprofile\AppData\Local\jjadbsaf\rprplsjv.ex] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|shell -- [%programdata%\intermod-42\intermod-5.exe -4,explorer.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_USERS\S-1-5-21-3620745168-242742600-4173124476-1001\Control Panel\Desktop|SCRNSAVE.EXE -- [%SystemRoot%\Dream Aquarium.scr] -> Replaced (C:\Windows\system32\logon.scr)
[PUP.Gen1 (Potentially Malicious)] Web Companion -- %_Tony_appdata%\Lavasoft\Web Companion -> Deleted
[PUP.Gen1 (Potentially Malicious)] Web Companion -- %programdata%\Lavasoft\Web Companion -> Deleted
[PUP.Gen1 (Potentially Malicious)] SereneScreen -- %programdata%\Microsoft\Windows\Start Menu\Programs\SereneScreen -> Deleted
[PUP.WebCompanion|PUP.Gen1 (Potentially Malicious)] Web Companion -- %programfiles(x86)%\Lavasoft\Web Companion -> Deleted
[PUP.Gen1 (Potentially Malicious)] SereneScreen -- %programfiles(x86)%\SereneScreen -> Deleted
  #28  
Old May 13th, 2019, 01:20 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
Good, that took out what FRST was supposed to take out in that fixlist. What problems do we still have to deal with there?
  #29  
Old May 14th, 2019, 01:44 PM
trod14 trod14 is offline
Senior Member
 
Join Date: Jun 2004
Posts: 165
Everything seems to be ok at this point. That virus infected all my documents and all the music I had in my iTunes library because I had kept the music in a portable hard drive that I have had plugged into the computer, thus infecting all the files. Thank God I had practically all that was infected backed up in separate hard drives not attached to the computer. Should I go ahead and delete all files I find with the infected virus? Also, can we reverse the "Administrator" Login that we made show up on my start page to run Frstrun? And lastly, is there a final scan I should do to make sure all is cleaned out? Thanks so much for your help....
  #30  
Old May 15th, 2019, 02:11 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 51,766
Likely no need to run any other scans.

Yes, you can delete any infection-altered files you come upon, since they are useless now. Also any HOW_FIX_NOZELESN_FILES.htm files.

Log in as the Tony user.

Go to Uninstall/Programs and Features and uninstall RogueKiller.

Delete FRST, and any FRST folders. Delete TDSSKiller as well.

Run cmd with Admin privileges again, and type the following (Enter after):

net user administrator /active:no

That should do it.