
[Solved] I think my Dad has been scammed

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
Long one, sorry.
My Dad is in his early seventies but still working part time, in a business partnership. I used to help him a bit with computer stuff until I took on more hours at work. Anyway, he called me yesterday to say his email layout had changed and he didn't know how to change it back, so I called round in my lunch hour and restored his email, but noticed two new icons in his toolbar. One turned out to be Adblock Plus, the other is a capital, red A, that says ABlock. I asked Dad about them and he said he had had to pay for them when his computer had completely broken around a month ago. When I questioned him further, he said he had been looking for a new van when the computer froze and a message came up. He said he had had to ring a number, but he was getting embarrassed and started skimping on the details. What I do know is that it took several long phone calls and a person with an American accent used remote access to his computer to remove the "problem" and install these Adblockers. He paid them nearly £600 by credit card.
I found a receipt for this on his computer from Live Technologies, telephone number toll free 0 800 014 8983.
I had no further time to investigate, and the fact my Dad has said nothing to me about this before now means he didn't really want me, or my Mum, to know, so he wouldn't give me full details. He said it was done through Sky (his provider) and he was told the price at every stage and was advised he would be better off getting a new PC, but Dad said he absolutely needed it for work so he went ahead. I have phoned him since and made him check his credit card activity and bank accounts, and he swears to me all is in order.
His computer is an average laptop, running Vista. He's had it since 2007.

Please advise me how to help him. I'm sure he wants discretion, but this has upset me so much.
 

DSTM

FPCH Long Term Member
Joined
Dec 10, 2007
PC Experience
Some Experience
Both ADBLOCK and ADBLOCK PLUS are free. They are scammers.
I know another guy who lost $700 to these scammers, wrecked the OS into the bargain.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi there,

In cases like this, it's always best to check the whole system.
If you want to follow these instructions we can get to work and check your father's system for him,
and don't worry, there is no charge for any work we do:

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For 32-bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is selected at the bottom.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it into your reply also.

In your next reply, please submit:
Both reports from FRST.

Thanks.
 

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
How long will this take to run?
Thank you so much for replying. Getting access to his computer will be the problem, but if I can do this in under an hour, then I can go over in my lunch hour and start having a look at things. It might be a few days before I can get a reply posted up here. I have got my brother involved now, who has dug out a tablet for him to use until we can get this sorted, so Dad is under strict instructions not to visit bank or buying sites on his computer. This started before Christmas; he has only just admitted it to me, and there has been no suspicious activity on his accounts apparently, just the one payment to Live Technologies.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi there,

but if I can do this in under an hour, then I can go over in lunch hour and start having a look at things.
The download and the initial scan can be completed in about 5 mins.
Obviously, once posted, it will take me longer to go through the scan reports and write a fix if one is required.
Just post the reports when you can; this post will always remain open.
 

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-01-2015
Ran by Admin (administrator) on ADMIN-PC (18-01-2016 13:33:27)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [NWEReboot] => [X]
Winlogon\Notify\!SASWinLogon: F:\SASWINLO.DLL [X]
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\...\MountPoints2: {d38da53a-ccdc-11e1-9f4a-0016d4b23538} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{538F1621-5099-4C03-BD04-BE2A05E2F80F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C581A5FF-006B-459F-9BCF-4145EA3C9B61}: [DhcpNameServer] 192.168.0.1


Internet Explorer:
==================
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.norton.com
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.skybroadband.com
SearchScopes: HKU\S-1-5-21-1000093575-2614507329-1950583498-1000 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=GB&ver=22&locale=en_GB&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1000093575-2614507329-1950583498-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=GB&ver=22&locale=en_GB&gct=kwd&qsrc=2869
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-20] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1000093575-2614507329-1950583498-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab


FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default
FF NewTab: hxxp://search.babylon.com/?affID=111803&babsrc=NT_ss&mntrId=d2fdf9320000000000000019d220cce2
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.babylon.com/?affID=111803&babsrc=HP_ss&mntrId=d2fdf9320000000000000019d220cce2
FF Keyword.URL: hxxp://search.babylon.com/?affID=111803&babsrc=KW_ss&mntrId=d2fdf9320000000000000019d220cce2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\user.js [2012-07-13]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-14] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2016-01-13]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]


Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-13]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (ABlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcchaiacddlgkccppchimljondmpikpg [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.CI6XXID4S2E4GYKPJ7WETYJMDQ - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160114.001\BHDrvx86.sys [1193032 2015-10-08] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1605050.00F\ccSetx86.sys [137456 2015-07-11] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-18] (Symantec Corporation)
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [68096 2007-08-16] (ENE Technology Inc.)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-18] (Symantec Corporation)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [47104 2007-08-16] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [64512 2007-08-16] (ENE Technology Inc.)
S1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160116.001\IDSvix86.sys [580344 2015-12-04] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160117.023\NAVENG.SYS [104440 2015-10-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160117.023\NAVEX15.SYS [1647216 2015-10-30] (Symantec Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S1 SRTSP; C:\Windows\System32\Drivers\NIS\1605050.00F\SRTSP.SYS [712944 2015-11-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1605050.00F\SRTSPX.SYS [44792 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NIS\1605050.00F\SYMEFASI.SYS [1287408 2015-11-11] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-07-27] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1605050.00F\Ironx86.SYS [234744 2015-07-11] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1605050.00F\SYMTDIV.SYS [358104 2015-11-11] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-18 13:33 - 2016-01-18 13:34 - 00013738 _____ C:\Users\Admin\Downloads\FRST.txt
2016-01-18 13:33 - 2016-01-18 13:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2016-01-18 13:32 - 2016-01-18 13:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-01-18 13:30 - 2016-01-18 13:30 - 00077740 _____ C:\Windows\ntbtlog.txt
2016-01-18 13:25 - 2016-01-18 13:33 - 00000000 ____D C:\FRST
2016-01-14 17:43 - 2016-01-14 17:43 - 00505070 _____ C:\Users\Admin\Downloads\Top-002 (40).BMP
2016-01-14 14:26 - 2016-01-14 14:26 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (55).BMP
2016-01-13 10:34 - 2015-12-05 17:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 10:34 - 2015-12-05 17:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 10:34 - 2015-12-05 16:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 10:34 - 2015-12-05 15:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 10:34 - 2015-11-13 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 10:34 - 2015-11-13 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 10:34 - 2015-11-13 15:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 10:33 - 2015-12-08 17:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 10:09 - 2015-12-05 17:02 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 10:06 - 2015-12-30 17:12 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 10:06 - 2015-12-30 17:12 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:03 - 2015-12-15 21:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:03 - 2015-12-15 21:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:03 - 2015-12-15 21:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 20:03 - 2015-12-15 21:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:03 - 2015-12-15 21:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:03 - 2015-12-15 21:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 20:03 - 2015-12-15 21:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 20:03 - 2015-12-15 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 20:03 - 2015-12-15 21:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-12 20:03 - 2015-12-15 21:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-08 14:16 - 2016-01-08 14:16 - 00027785 _____ C:\Users\Admin\Downloads\J2947 VQ4.pdf
2016-01-07 16:51 - 2016-01-07 16:51 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (54).BMP
2016-01-07 12:32 - 2016-01-07 12:32 - 05414139 _____ C:\Users\Admin\Downloads\EPSON028 (1).PDF
2016-01-07 12:28 - 2016-01-07 12:28 - 05414139 _____ C:\Users\Admin\Downloads\EPSON028.PDF
2016-01-07 12:09 - 2016-01-07 12:09 - 00007508 _____ C:\Users\Admin\Downloads\INVCRD0000844169.pdf
2016-01-07 12:07 - 2016-01-07 12:07 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (5).pdf
2016-01-07 12:07 - 2016-01-07 12:07 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (4).pdf
2016-01-07 12:06 - 2016-01-07 12:06 - 00022248 _____ C:\Users\Admin\Downloads\EXPDOC0000838720 (1).pdf
2016-01-07 12:05 - 2016-01-07 12:05 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (3).pdf
2016-01-07 12:02 - 2016-01-07 12:02 - 00007198 _____ C:\Users\Admin\Downloads\INVCRD0000844170 (1).pdf
2016-01-07 12:01 - 2016-01-07 12:01 - 00007185 _____ C:\Users\Admin\Downloads\INVCRD0000844168 (2).pdf
2016-01-07 11:59 - 2016-01-07 11:59 - 00007185 _____ C:\Users\Admin\Downloads\INVCRD0000844168 (1).pdf
2016-01-07 09:34 - 2016-01-07 09:34 - 00505070 _____ C:\Users\Admin\Downloads\Top (100).BMP
2016-01-06 12:30 - 2016-01-06 12:30 - 03489285 _____ C:\Users\Admin\Downloads\SH numbered seat plan with door numbers new logo & E29 GT 300408.pdf
2016-01-06 12:30 - 2016-01-06 12:30 - 03489285 _____ C:\Users\Admin\Downloads\SH numbered seat plan with door numbers new logo & E29 GT 300408 (1).pdf
2016-01-05 17:44 - 2016-01-05 17:44 - 00034903 _____ C:\Users\Admin\Downloads\Attached Message Part (1)
2016-01-05 17:44 - 2016-01-05 17:44 - 00034903 _____ C:\Users\Admin\Downloads\Attached Message Part
2016-01-04 17:04 - 2016-01-04 17:04 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (2).pdf
2016-01-04 17:02 - 2016-01-04 17:02 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (1).pdf
2016-01-04 17:01 - 2016-01-04 17:01 - 00007198 _____ C:\Users\Admin\Downloads\INVCRD0000844170.pdf
2016-01-04 16:58 - 2016-01-04 16:58 - 00007185 _____ C:\Users\Admin\Downloads\INVCRD0000844168.pdf
2016-01-04 16:25 - 2016-01-04 16:25 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722.pdf
2016-01-04 16:24 - 2016-01-04 16:24 - 00022248 _____ C:\Users\Admin\Downloads\EXPDOC0000838720.pdf
2015-12-22 19:47 - 2015-12-22 19:47 - 00095500 _____ C:\Users\Admin\Downloads\000001014768047.pdf
2015-12-22 12:45 - 2015-12-22 12:45 - 00505070 _____ C:\Users\Admin\Downloads\Top-003 (22).BMP
2015-12-22 12:44 - 2015-12-22 12:44 - 00505070 _____ C:\Users\Admin\Downloads\Top-002 (39).BMP
2015-12-22 12:44 - 2015-12-22 12:44 - 00505070 _____ C:\Users\Admin\Downloads\Top (99).BMP
2015-12-22 12:28 - 2015-12-22 12:28 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (53).BMP
2015-12-21 20:16 - 2015-12-21 20:16 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (52).BMP
2015-12-21 20:16 - 2015-12-21 20:16 - 00505070 _____ C:\Users\Admin\Downloads\Top (98).BMP
2015-12-19 14:07 - 2015-12-19 14:07 - 00000000 ____D C:\Users\Admin\AppData\Local\Apple


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-18 13:33 - 2006-11-02 11:18 - 00000000 ____D C:\Windows
2016-01-18 13:28 - 2006-11-02 13:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-18 13:28 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 13:28 - 2006-11-02 12:47 - 00004240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-18 13:28 - 2006-11-02 12:47 - 00004240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-18 13:25 - 2013-02-16 14:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\U3
2016-01-18 13:25 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2016-01-18 13:25 - 2006-11-02 10:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 23:26 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
2016-01-13 11:00 - 2006-11-02 12:47 - 00260016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 10:33 - 2013-08-15 08:05 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 10:10 - 2006-11-02 10:24 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-12-19 09:44 - 2015-07-23 06:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-19 09:44 - 2015-07-23 06:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-19 09:44 - 2012-07-13 09:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job


==================== Files in the root of some directories =======


2015-08-28 09:05 - 2015-08-28 09:05 - 6420480 _____ () C:\Program Files\GUTEBF5.tmp
2013-09-19 19:58 - 2013-09-19 19:58 - 0000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2012-08-12 15:50 - 2014-08-26 13:35 - 0005632 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-21 10:34 - 2013-04-10 14:12 - 0034802 _____ () C:\ProgramData\hpzinstall.log


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-01-18 12:11


==================== End of FRST.txt ============================

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-01-2015
Ran by Admin (2016-01-18 13:35:01)
Running from C:\Users\Admin\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2012-07-11 14:16:55)
Boot Mode: Safe Mode (with Networking)
==========================================================




==================== Accounts: =============================


Admin (S-1-5-21-1000093575-2614507329-1950583498-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1000093575-2614507329-1950583498-500 - Administrator - Disabled)
Guest (S-1-5-21-1000093575-2614507329-1950583498-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Norton Internet Security (Enabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
EZ Vinyl Converter by MixMeister 1.0.5 (HKLM\...\EZ Vinyl Converter by MixMeister_is1) (Version: - MixMeister Technology LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPSSupply (HKLM\...\{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}) (Version: 2.1.3.0000 - Hewlett Packard Development Company L.P.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{35C0A1E4-D02A-412C-841F-266DBB116ABB}) (Version: 12.02.0000 - Intel(R) Corporation)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
K-Lite Codec Pack 3.8.0 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 3.8.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird (3.0.4) (HKLM\...\Mozilla Thunderbird (3.0.4)) (Version: 3.0.4 (en-GB) - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.2.2414.0 - CyberLink Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Scrabble™ Interactive 2009 Edition (HKLM\...\Scrabble™ Interactive 2009 Edition_is1) (Version: - )
Sky Broadband (HKLM\...\{14C35072-D7D0-4B29-B5BF-C94E426D77E9}) (Version: 1.0.0 - Sky Broadband)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {13E55A93-7D69-45AC-B477-3AE6030275AE} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {26C02969-3FAC-428B-A511-9112B85C0884} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {361387E9-F382-4C1E-AA6F-D937C684813A} - System32\Tasks\WebReg Photosmart 2570 series => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
Task: {3C24B91F-DA21-4400-977A-FABE57D55681} - System32\Tasks\{0216116A-7830-4DB7-B174-E4592BE8F1FC} => pcalua.exe -a E:\setup.exe -d E:\
Task: {4027A9A6-D0A2-40B6-9409-AB044AEB6249} - \DealPly -> No File <==== ATTENTION
Task: {76C3F2E1-E302-4331-B6E6-43B8C276DABF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-23] (Google Inc.)
Task: {9C622FCB-B48F-431C-B78D-5C8021F68906} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {B638BB1B-99B3-428A-8192-9E15EB5FADC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB67E233-ACCB-4F24-89A5-9D8130B83623} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {BF49F21E-AE83-4A4F-A75C-748336DCB1C4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {C168A01B-BA0C-4142-B1DE-33153C4705EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F3C94791-39E7-40E9-9F28-81907E0C6AF4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============




==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"


==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D941D196-2017-4DBC-ABE9-4361D69D453A}] => (Allow) LPort=80
FirewallRules: [{F848ABCE-8030-4BF5-98F6-9B033AA7E043}] => (Allow) LPort=80
FirewallRules: [{2953DFCC-EB53-4798-8185-9529FD204347}] => (Allow) LPort=80
FirewallRules: [{402D8B00-2C88-429B-B3A6-CE3C62FBEF29}] => (Allow) C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe
FirewallRules: [{8F934D5F-241A-4DA8-9395-1822F0E3B5F6}] => (Allow) C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe
FirewallRules: [{FB1F94EC-3421-4554-93CF-25037893159D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C33AFD6D-1972-421A-B523-2CA0CFFA5C98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BF1D1E1-7351-4615-8B65-0AFB7F25C4C1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{172A7052-D107-40F1-9688-2D9E24AA629F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5BD104A6-93ED-48E2-9A00-EE2EC56D26FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{89C19AE9-8F97-453F-8524-28DBF1FB9C7C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1AEB1AFB-1B9C-4795-855C-781C78332E39}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe] => Enabled:ScrabblePCR
StandardProfile\AuthorizedApplications: [C:\Program Files\Ubisoft\Scrabble2009\ScrabblePCR.exe] => Enabled:ScrabblePCR


==================== Restore Points =========================


10-01-2016 20:55:57 Scheduled Checkpoint
11-01-2016 09:29:46 Scheduled Checkpoint
13-01-2016 10:04:22 Windows Update
14-01-2016 12:22:18 Scheduled Checkpoint
15-01-2016 19:33:01 Scheduled Checkpoint
17-01-2016 16:24:27 Scheduled Checkpoint


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (01/18/2016 01:31:10 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


Error: (01/17/2016 06:34:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4621140


Error: (01/17/2016 06:34:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4621140


Error: (01/17/2016 06:34:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Error: (01/15/2016 08:26:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2724354


Error: (01/15/2016 08:26:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2724354


Error: (01/15/2016 08:26:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Error: (01/13/2016 10:33:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4


Error: (01/13/2016 10:33:02 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


Error: (01/11/2016 05:31:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13467816




System errors:
=============
Error: (01/18/2016 01:31:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: BHDrvx86
ccSet_NIS
eeCtrl
IDSVix86
spldr
SRTSP
SRTSPX
SymIRON
SYMTDIv
Wanarpv6


Error: (01/18/2016 01:31:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068


Error: (01/18/2016 01:31:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Windows\System32\IWMSSvc.dll21


Error: (01/18/2016 01:31:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Error: (01/18/2016 01:31:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Error: (01/18/2016 01:31:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}


Error: (01/18/2016 01:31:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Error: (01/18/2016 01:31:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Error: (01/15/2016 02:16:49 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Error: (01/14/2016 09:54:52 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.




CodeIntegrity:
===================================
Date: 2016-01-18 13:33:58.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:57.946
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:57.509
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:57.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:37.641
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160114.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:37.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160114.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:36.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160114.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-01-18 13:33:36.253
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160114.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-01-15 09:35:11.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160104.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


Date: 2016-01-15 09:35:11.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160104.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.




==================== Memory info ===========================


Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 45%
Total physical RAM: 1525.38 MB
Available physical RAM: 834.75 MB
Total Virtual: 3304.57 MB
Available Virtual: 2727.7 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:52.14 GB) (Free:16.16 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:51.84 GB) (Free:41.01 GB) NTFS
Drive g: (Cruzer) (Removable) (Total:7.47 GB) (Free:3.74 GB) FAT32
Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 111.8 GB) (Disk ID: 83DF4CFC)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=27)
Partition 2: (Active) - (Size=52.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51.8 GB) - (Type=07 NTFS)


========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)


Partition: GPT.


==================== End of Additi
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi there,

A few things we need to deal with:

Step 1
Spybot - Search & Destroy
We stopped recommending this a while back due to poor scanning results.
Plus, TeaTimer is more trouble than it's worth.

I recommend that you uninstall it.
But for the uninstall to complete you will need to re-enable TeaTimer in MsConfig.
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Once re-enabled you will have to stop it properly.

  • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
    Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
    If it is, right click it and choose 'exit Spybot-S&D Resident'.

Reboot the computer.
Then run the uninstaller from Add or Remove Programs in the Control Panel.


Step 2
Let's clean out some traces of Adware:

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click I agree to the Terms of Use.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\ folder.


Step 3
Unfortunately we don't get a full set of reports from FRST when run in Safe Mode.
Boot Mode: Safe Mode (with Networking)
After running the above steps, please re-run FRST using the instructions below (then I'll be able to deal with what is left over).

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Then press the Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.


In your next reply, please submit:
AdwCleaner report
and the new set of reports from FRST.

Also.... why is Norton out of date?
Is this because the system has been offline?


Thanks.
 

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
Thank you so much for your quick reply.

Next time I can get to Dad's, I will do everything you suggest. Not sure about Norton. It wouldn't let me run the FRST, which is why I ended up in Safe Mode, but I will double check that one. To be honest, I never wanted him to have Norton but he had signed up to it before I had a say in it.

So glad I found this forum, thank you for helping me out.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi,
Yes, Norton doesn't like FRST.
Best disable Norton before running FRST.
Also, I forgot to mention... please run AdwCleaner in Normal Mode.

No rush, just post when you can.
 

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
# AdwCleaner v5.030 - Logfile created 22/01/2016 at 14:53:20
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Admin - ADMIN-PC
# Running from : G:\antimalware products\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum


***** [ Services ] *****




***** [ Folders ] *****


[-] Folder Deleted : C:\Users\Admin\AppData\LocalLow\BabylonToolbar


***** [ Files ] *****


[-] File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\user.js


***** [ DLLs ] *****




***** [ Shortcuts ] *****




***** [ Scheduled tasks ] *****


[-] Task Deleted : Dealply


***** [ Registry ] *****


[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]


***** [ Web browsers ] *****


[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=111803&babsrc=NT_ss&mntrId=d2fdf9320000000000000019d220cce2");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111803&babsrc=HP_ss&mntrId=d2fdf9320000000000000019d220cce2");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111803");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d2fdf9320000000000000019d220cce2");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.id", "d2fdf9320000000000000019d220cce2");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15534");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111803&babsrc=NT_ss&mntrId=d2fdf9320000000000000019d220cce2");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:07:26");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.channel", "vitafilewin");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.firstUseDate", "1342170448176");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.installId", "v23500251870085901197612012071310071228");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.installIdSource", "inst");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.lastHeartBitDate", "2013_6_19");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.partner", "vita");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.ranIM1", "1");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.dealply.sampleGroup", "8");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111803&babsrc=KW_ss&mntrId=d2fdf9320000000000000019d220cce2&q=");
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhkplhfnhceodhffomolpfigojocbpcb


*************************


:: "Tracing" keys removed
:: Winsock settings cleared


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6865 bytes] ##########
 

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-01-2016
Ran by Admin (administrator) on ADMIN-PC (22-01-2016 15:12:04)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Admin\Downloads\FRST (2).exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
Winlogon\Notify\!SASWinLogon: F:\SASWINLO.DLL [X]
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\...\MountPoints2: {d38da53a-ccdc-11e1-9f4a-0016d4b23538} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\SASSEH.DLL No File [ ]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{538F1621-5099-4C03-BD04-BE2A05E2F80F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C581A5FF-006B-459F-9BCF-4145EA3C9B61}: [DhcpNameServer] 192.168.0.1


Internet Explorer:
==================
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.norton.com
HKU\S-1-5-21-1000093575-2614507329-1950583498-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.skybroadband.com
SearchScopes: HKU\S-1-5-21-1000093575-2614507329-1950583498-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-20] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1000093575-2614507329-1950583498-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab


FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-11-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qrmtdt7e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-14] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2016-01-13]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]


Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-13]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (ABlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcchaiacddlgkccppchimljondmpikpg [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.CI6XXID4S2E4GYKPJ7WETYJMDQ - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20160119.001\BHDrvx86.sys [1193032 2015-10-08] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1605050.00F\ccSetx86.sys [137456 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-18] (Symantec Corporation)
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [68096 2007-08-16] (ENE Technology Inc.)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-18] (Symantec Corporation)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [47104 2007-08-16] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [64512 2007-08-16] (ENE Technology Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20160120.001\IDSvix86.sys [580344 2015-12-04] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160121.049\NAVENG.SYS [104440 2015-10-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20160121.049\NAVEX15.SYS [1647216 2015-10-30] (Symantec Corporation)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1605050.00F\SRTSP.SYS [712944 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1605050.00F\SRTSPX.SYS [44792 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NIS\1605050.00F\SYMEFASI.SYS [1287408 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [103152 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1605050.00F\Ironx86.SYS [234744 2015-07-11] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1605050.00F\SYMTDIV.SYS [358104 2015-11-11] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-22 15:11 - 2016-01-22 15:12 - 00000000 ____D C:\FRST
2016-01-22 15:11 - 2016-01-22 15:11 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST (2).exe
2016-01-22 14:39 - 2016-01-22 14:53 - 00000000 ____D C:\AdwCleaner
2016-01-21 12:33 - 2016-01-21 12:34 - 05459456 _____ C:\Users\Admin\Downloads\Speciaaltjes1.pps
2016-01-20 17:20 - 2016-01-20 17:20 - 00505070 _____ C:\Users\Admin\Downloads\Top-002 (41).BMP
2016-01-20 10:00 - 2016-01-20 10:00 - 00129165 _____ C:\Users\Admin\Downloads\SI118713.pdf
2016-01-20 09:47 - 2016-01-20 09:47 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (56).BMP
2016-01-20 09:47 - 2016-01-20 09:47 - 00505070 _____ C:\Users\Admin\Downloads\SAROUK Print.bmp
2016-01-20 08:44 - 2016-01-20 08:45 - 00505070 _____ C:\Users\Admin\Downloads\Top.BMP
2016-01-18 19:47 - 2016-01-18 19:47 - 00166314 _____ C:\Users\Admin\Downloads\attachments_2016_01_18 (1).zip
2016-01-18 19:42 - 2016-01-18 19:42 - 00166314 _____ C:\Users\Admin\Downloads\attachments_2016_01_18.zip
2016-01-18 13:35 - 2016-01-18 13:35 - 00023498 _____ C:\Users\Admin\Downloads\Addition.txt
2016-01-18 13:33 - 2016-01-22 15:12 - 00015258 _____ C:\Users\Admin\Downloads\FRST.txt
2016-01-18 13:33 - 2016-01-18 13:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2016-01-18 13:32 - 2016-01-18 13:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-01-18 13:30 - 2016-01-18 13:30 - 00077740 _____ C:\Windows\ntbtlog.txt
2016-01-14 17:43 - 2016-01-14 17:43 - 00505070 _____ C:\Users\Admin\Downloads\Top-002 (40).BMP
2016-01-14 14:26 - 2016-01-14 14:26 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (55).BMP
2016-01-13 10:34 - 2015-12-05 17:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 10:34 - 2015-12-05 17:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 10:34 - 2015-12-05 17:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 10:34 - 2015-12-05 17:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 10:34 - 2015-12-05 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 10:34 - 2015-12-05 17:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 10:34 - 2015-12-05 16:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 10:34 - 2015-12-05 15:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 10:34 - 2015-11-13 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 10:34 - 2015-11-13 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 10:34 - 2015-11-13 15:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 10:33 - 2015-12-08 17:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 10:09 - 2015-12-05 17:02 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 10:06 - 2015-12-30 17:12 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 10:06 - 2015-12-30 17:12 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:03 - 2015-12-15 21:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:03 - 2015-12-15 21:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:03 - 2015-12-15 21:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 20:03 - 2015-12-15 21:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:03 - 2015-12-15 21:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:03 - 2015-12-15 21:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 20:03 - 2015-12-15 21:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-12 20:03 - 2015-12-15 21:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 20:03 - 2015-12-15 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 20:03 - 2015-12-15 21:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-12 20:03 - 2015-12-15 21:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-12 20:03 - 2015-12-15 21:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-08 14:16 - 2016-01-08 14:16 - 00027785 _____ C:\Users\Admin\Downloads\J2947 VQ4.pdf
2016-01-07 16:51 - 2016-01-07 16:51 - 00505070 _____ C:\Users\Admin\Downloads\Top-001 (54).BMP
2016-01-07 12:32 - 2016-01-07 12:32 - 05414139 _____ C:\Users\Admin\Downloads\EPSON028 (1).PDF
2016-01-07 12:28 - 2016-01-07 12:28 - 05414139 _____ C:\Users\Admin\Downloads\EPSON028.PDF
2016-01-07 12:09 - 2016-01-07 12:09 - 00007508 _____ C:\Users\Admin\Downloads\INVCRD0000844169.pdf
2016-01-07 12:07 - 2016-01-07 12:07 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (5).pdf
2016-01-07 12:07 - 2016-01-07 12:07 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (4).pdf
2016-01-07 12:06 - 2016-01-07 12:06 - 00022248 _____ C:\Users\Admin\Downloads\EXPDOC0000838720 (1).pdf
2016-01-07 12:05 - 2016-01-07 12:05 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (3).pdf
2016-01-07 12:02 - 2016-01-07 12:02 - 00007198 _____ C:\Users\Admin\Downloads\INVCRD0000844170 (1).pdf
2016-01-07 12:01 - 2016-01-07 12:01 - 00007185 _____ C:\Users\Admin\Downloads\INVCRD0000844168 (2).pdf
2016-01-07 11:59 - 2016-01-07 11:59 - 00007185 _____ C:\Users\Admin\Downloads\INVCRD0000844168 (1).pdf
2016-01-07 09:34 - 2016-01-07 09:34 - 00505070 _____ C:\Users\Admin\Downloads\Top (100).BMP
2016-01-06 12:30 - 2016-01-06 12:30 - 03489285 _____ C:\Users\Admin\Downloads\SH numbered seat plan with door numbers new logo & E29 GT 300408.pdf
2016-01-06 12:30 - 2016-01-06 12:30 - 03489285 _____ C:\Users\Admin\Downloads\SH numbered seat plan with door numbers new logo & E29 GT 300408 (1).pdf
2016-01-05 17:44 - 2016-01-05 17:44 - 00034903 _____ C:\Users\Admin\Downloads\Attached Message Part (1)
2016-01-05 17:44 - 2016-01-05 17:44 - 00034903 _____ C:\Users\Admin\Downloads\Attached Message Part
2016-01-04 17:04 - 2016-01-04 17:04 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (2).pdf
2016-01-04 17:02 - 2016-01-04 17:02 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722 (1).pdf
2016-01-04 17:01 - 2016-01-04 17:01 - 00007198 _____ C:\Users\Admin\Downloads\INVCRD0000844170.pdf
2016-01-04 16:58 - 2016-01-04 16:58 - 00007185 _____ C:\Users\Admin\Downloads\INVCRD0000844168.pdf
2016-01-04 16:25 - 2016-01-04 16:25 - 00022257 _____ C:\Users\Admin\Downloads\EXPDOC0000838722.pdf
2016-01-04 16:24 - 2016-01-04 16:24 - 00022248 _____ C:\Users\Admin\Downloads\EXPDOC0000838720.pdf


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-01-22 15:11 - 2006-11-02 11:18 - 00000000 ____D C:\Windows
2016-01-22 14:56 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-22 14:56 - 2006-11-02 12:47 - 00004240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-22 14:56 - 2006-11-02 12:47 - 00004240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-22 14:55 - 2006-11-02 13:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-22 14:38 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2016-01-22 14:38 - 2006-11-02 10:33 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 14:37 - 2013-02-16 14:51 - 00000000 ____D C:\Users\Admin\AppData\Roaming\U3
2016-01-22 14:23 - 2012-07-11 14:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-13 23:26 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\rescache
2016-01-13 11:00 - 2006-11-02 12:47 - 00260016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 10:33 - 2013-08-15 08:05 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 10:10 - 2006-11-02 10:24 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe


==================== Files in the root of some directories =======


2015-08-28 09:05 - 2015-08-28 09:05 - 6420480 _____ () C:\Program Files\GUTEBF5.tmp
2013-09-19 19:58 - 2013-09-19 19:58 - 0000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2012-08-12 15:50 - 2014-08-26 13:35 - 0005632 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-21 10:34 - 2013-04-10 14:12 - 0034802 _____ () C:\ProgramData\hpzinstall.log


Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-01-22 15:06


==================== End of FRST.txt ============================
 

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
I can't seem to do anything with the Spybot. It keeps saying I need administrator rights to make any changes to it, but that is how I am running the computer! I remember now why I haven't been able to uninstall it previously.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi there,

remember now why I haven't been able to uninstall it previously
Ok, no problem, I'll add Spybot to the fix (this will remove it).

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.



The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.



Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE 8u71 / 8u72 and save it to your desktop.
  • Scroll down to where it says "Java SE 8u71 / 8u72".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • Select 'Windows x86' Offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.


In your next reply, please submit:
fixlog.txt
and let me know how the system is running.... any problems.

Thanks
 

Attachments
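A check for the Java step above, added here and not part of Starbuck's fix or the thread's own instructions: a PowerShell script (the only assumption is the standard Add/Remove Programs Uninstall hive, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) that lists every Java entry still registered and the folders left under C:\Program Files\Java, so the old JRE 7 seen in the FRST log can be confirmed gone before JRE 8 goes on.

```powershell
# Added example, not part of the thread's instructions: after removing the
# old Java versions via Add/Remove Programs, confirm nothing older than the
# new JRE 8 is still registered. Written in PowerShell 2.0 syntax so it runs
# on the 32-bit Vista machine in the log; the WOW6432Node path is only
# present on 64-bit Windows and is skipped when absent.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

$javaEntries = @()
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty -Path $sub.PSPath
        # DisplayName is what Add/Remove Programs shows. The jinstall-1_7_0_40
        # entries in the FRST log correspond to Java 7 Update 40; very old
        # installs show up under J2SE or JRE names, hence the wider match.
        if ($p.DisplayName -and $p.DisplayName -match 'Java|J2SE|JRE') {
            $javaEntries += New-Object PSObject -Property @{
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                Publisher       = $p.Publisher
                UninstallString = $p.UninstallString
            }
        }
    }
}

if ($javaEntries.Count -eq 0) {
    Write-Host 'No Java entries registered in Add/Remove Programs.'
} else {
    # Anything here other than the freshly installed JRE 8 is a leftover
    # that still needs removing through Add/Remove Programs.
    $javaEntries | Sort-Object DisplayVersion |
        Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
}

# Leftover install folders: FRST listed C:\Program Files\Java\jre7.
# After the update only the JRE 8 folder should remain here.
$javaRoot = 'C:\Program Files\Java'
if (Test-Path $javaRoot) {
    Get-ChildItem $javaRoot | Where-Object { $_.PSIsContainer } |
        Select-Object Name, LastWriteTime | Format-Table -AutoSize
}

# The version actually on the PATH, i.e. what launchers will pick up.
if (Get-Command java -ErrorAction SilentlyContinue) {
    & java -version 2>&1
}
```

Run it once before the uninstall pass to see what is registered, and again after the reboot; the second run should show only the JRE 8 entry and folder.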

A Bit Annoyed

FPCH Member
Joined
Jan 16, 2016
PC Experience
Some Experience
I meant to ask, is this fix something I can do within a lunch hour, or should I wait until I have more time to check it?
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Location
Midlands, UK
PC Experience
Very Experienced
Hi there,

The FRST fix should take less than 30 seconds.
Updating Java should take about 5 mins from start to finish.
 