Thought better safe than sorry after random Microsoft Virus Alert last night....

02-05-2017, 09:05 PM   #1
AngelinaSkye (Registered Member)
OS: Windows 10


EEK!



As per the new instructions I attempted to run DDS but got an error saying "dds is not meant to be run in compatibility mode. The program will now exit". I tried more than a few times, then did a random Google search about that error and found this super old post:

hxxp://www.techsupportforum.com/forums/f100/dds-is-not-meant-to-run-in-compatibility-mode-892610.html

I realize that it's totally outdated, but decided rather than post nothing I would post the logs for Farbar and Malwarebytes and hope it helps to determine what is going on.

Basically, the night before last I had fallen asleep watching a show on my PC which was streaming from cloudtime, which I have done a billion times. I woke up and couldn't fall asleep right away, so I thought I would watch another episode. When I went to change from fullscreen to regular in the window that was cloudtime, I got this annoying Microsoft warning about a virus, which I had to actually force close via Task Manager cuz that was the only way I could get rid of it. After that it seemed to be back to normal, except today when I went to play another episode (this time from vidzi.com, which I have also used many times without issue) I got a weird half-distorted, half light blue screen with some Windows error I didn't have a chance to make note of before it rebooted my PC automatically, and since then things are back to normal again.

The only issue I have ever had was when I used refresh to fix a computer issue less than a year after I bought it, which ended up deactivating the Windows which was pre-installed when I bought my PC from Best Buy. I contacted Best Buy and Microsoft to no avail and finally contacted ASUS, who said it was because I had Windows 8 initially and had upgraded to Windows 8.1, which was why the key embedded into my PC wasn't working, because my PC was running 8.1 and not 8, and my only option to get it fixed was to ship my PC to some foreign country so they could have it for who knows how many weeks, so I kept it as is and have learned to tolerate that activate Windows screen that pops up every 3 or so hours (usually when I'm gaming and it's most likely to kill me lol). As a result I cannot do Windows updates, cuz if I try, it gets stuck in a never-ending loop of installing updates, updates failed, rolling back updates for literally like 6 hours.

First, here is the Farbar Recovery Scan Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by Lisa (administrator) on LISAPC (05-02-2017 20:03:56)
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & Extra)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() E:\scsiaccess.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wargaming.net) E:\WorldofWarships\WargamingGameUpdater.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5378\Agent.exe
(Blizzard Entertainment) E:\Battle.net\Battle.net.8293\Battle.net.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() E:\ROXIO\Roxio 2012\5.0\CPMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() E:\Battle.net\Battle.net.8293\Battle.net Helper.exe
() E:\Battle.net\Battle.net.8293\Battle.net Helper.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [SRSAENotifier] => C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe [570272 2012-06-25] (SRS Labs, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => E:\ROXIO\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => E:\ROXIO\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [LoadQM] => C:\WINDOWS\loadqm.exe [7536 2000-05-03] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [SRSHDAudioLab] => C:\Program Files\SRS Labs\SRS Audio Essentials\AudioEssentials.exe [5446056 2012-06-25] ()
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [uTorrent] => C:\Users\Lisa\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-27] (BitTorrent Inc.)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [MSMSGS] => C:\Program Files (x86)\Messenger\msmsgs.exe [1458448 2002-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [TalkHelper] => E:\TalkHelper Call Recorder for Skype\TalkHelper Call Recorder for Skype\TalkHelper.exe [4619776 2016-09-03] (TalkHelper Team)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [DAEMON Tools Lite Automount] => E:\DAEMON Tools Lite\DTAgent.exe [4557504 2016-10-06] (Disc Soft Ltd)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [World of Warships] => E:\WorldofWarships\WargamingGameUpdater.exe [3134216 2016-12-05] (Wargaming.net)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Run: [Battle.net] => E:\Battle.net\Battle.net Launcher.exe [3122152 2016-11-30] (Blizzard Entertainment)
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\MountPoints2: {6134864e-c0f8-11e6-8300-e03f49e6a5f5} - "J:\setup.exe"
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\...\MountPoints2: {d8c8ab4c-aaf5-11e6-82ec-e03f49e6a5f5} - "I:\setup.exe"
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Lisa\Desktop\dds.scr [688992 2017-02-05] (Swearware)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-09-26]
ShortcutTarget: Curse.lnk -> C:\Users\Lisa\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{BB7B3181-CC20-40D9-AE31-2492A17CB806}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BB7B3181-CC20-40D9-AE31-2492A17CB806}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1929467248-3834011559-1931454703-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {593938E1-C91D-4060-9064-95BB122DA114} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1929467248-3834011559-1931454703-1002 -> {F706DB77-44DA-4C8A-95B5-1FD0854416D2} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-17] (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: cilej5g4.dev-edition-default
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default [2017-02-05]
FF user.js: detected! => C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\user.js [2016-03-30]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default -> type", 4
FF Extension: (Grammarly for Firefox) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\[email protected] [2017-01-12]
FF Extension: (anonymoX) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\[email protected] [2017-01-29]
FF Extension: (LavaFox V2-Blue) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\[email protected] [2016-11-29]
FF Extension: (LavaFox V2-Purple) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\[email protected] [2016-11-29]
FF Extension: (BlackFox V2) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\[email protected] [2016-11-29]
FF Extension: (JavaScript on-off applet) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{54e46280-0211-11e3-b778-0800200c9a66}.xpi [2016-10-04]
FF Extension: (FT DeepDark) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2017-01-13]
FF Extension: (Adblock Plus) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (WorldIP) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2016-05-17]
FF SearchPlugin: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cilej5g4.dev-edition-default\searchplugins\google-avast.xml [2015-08-12]
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\iqkjlxbc.default-1463333953493 [2017-01-17]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2016-04-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2015-07-17] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1929467248-3834011559-1931454703-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-19] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1929467248-3834011559-1931454703-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2017-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Core 2) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkgipafedkfiijlnmghhendlnidhcene [2016-08-14]
CHR Extension: (AdBlock) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Skype) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-04-08]
CHR Extension: (Hide My IP) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekcnopmdcbjdgmpnpkndppflpldnkkp [2017-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-27] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-12] ()
R2 BITS; C:\WINDOWS\SysWOW64\qmgr.dll [77760 2000-05-03] (Microsoft Corporation) [File not signed]
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [207160 2013-08-08] ()
S3 Disc Soft Lite Bus Service; E:\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1468608 2016-10-06] (Disc Soft Ltd)
S3 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-04-28] (IObit)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3254552 2014-07-13] (INCA Internet Co., Ltd.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S3 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 ScsiAccess; E:\ScsiAccess.exe [186760 2016-03-29] ()
S4 SDScannerService; E:\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; E:\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; E:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SRSHDAudioService; C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [13232 2012-06-25] (SRS Labs, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-27] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-27] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2016-08-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-27] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-11-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-11-14] (Disc Soft Ltd)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [70600 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R3 SRS_AE_Service; C:\WINDOWS\system32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S3 SRS_SSCFilter; C:\WINDOWS\system32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SysCow; C:\WINDOWS\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
S3 tapoas; C:\WINDOWS\system32\DRIVERS\tapoas.sys [30720 2012-07-14] (The OpenVPN Project)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S4 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [X]
S3 urvpndrv; \SystemRoot\system32\DRIVERS\covpnv64.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 20:03 - 2017-02-05 20:04 - 00030456 _____ C:\Users\Lisa\Desktop\FRST.txt
2017-02-05 20:03 - 2017-02-05 20:03 - 02421248 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2017-02-05 19:56 - 2017-02-05 19:57 - 00688992 _____ (Swearware) C:\Users\Lisa\Desktop\dds.scr
2017-02-04 19:16 - 2017-02-04 19:16 - 00067072 _____ (Microsoft Corporation) C:\dllhost.exe
2017-02-04 19:14 - 2017-02-04 19:14 - 00281160 _____ C:\WINDOWS\Minidump\020417-15046-01.dmp
2017-01-29 02:14 - 2017-01-29 02:14 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Wondershare Video Converter Ultimate
2017-01-29 02:14 - 2017-01-29 02:14 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-01-27 18:38 - 2017-01-27 18:38 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\uTorrent
2017-01-21 23:40 - 2017-01-21 23:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 19:38 - 2017-01-18 19:38 - 00000000 ____D C:\Users\Lisa\Documents\Rockstar Games
2017-01-18 01:58 - 2017-01-18 01:58 - 00000000 ____D C:\Users\Lisa\AppData\Local\Rockstar Games
2017-01-18 01:50 - 2017-01-18 01:50 - 00000000 __RHD C:\Users\Lisa\AppData\Roaming\SecuROM
2017-01-18 01:25 - 2017-01-18 01:25 - 00000791 _____ C:\Users\Lisa\Desktop\FreeArc.lnk
2017-01-18 01:25 - 2017-01-18 01:25 - 00000791 _____ C:\Users\Extra\Desktop\FreeArc.lnk
2017-01-18 01:25 - 2017-01-18 01:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeArc
2017-01-18 01:25 - 2017-01-18 01:25 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\FreeArc
2017-01-18 01:25 - 2017-01-18 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc
2017-01-12 16:12 - 2017-01-12 16:12 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 10:31 - 2017-01-10 10:31 - 00000881 _____ C:\Users\Lisa\Desktop\City Car Driving.lnk
2017-01-10 10:07 - 2017-01-10 10:07 - 00000000 ____D C:\Users\Lisa\AppData\Local\BorisFX
2017-01-10 10:02 - 2017-01-10 10:06 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2017-01-10 09:47 - 2017-01-10 10:33 - 00000000 __SHD C:\Users\Lisa\Documents\MSDCSC
2017-01-10 09:46 - 2017-01-10 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire OFX
2017-01-10 09:45 - 2017-01-10 09:45 - 00000103 _____ C:\WINDOWS\MSUTIL.INI
2017-01-10 09:45 - 2017-01-10 09:45 - 00000000 ____D C:\ProgramData\GenArts
2017-01-10 09:45 - 2017-01-10 09:45 - 00000000 ____D C:\Program Files\Common Files\OFX
2017-01-10 09:45 - 2017-01-10 09:45 - 00000000 ____D C:\Program Files (x86)\GenArts
2017-01-10 09:45 - 2010-02-04 07:58 - 00584376 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2017-01-10 09:45 - 2010-02-04 07:40 - 00575672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libiomp5md.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 20:03 - 2015-02-12 04:24 - 00000000 ____D C:\FRST
2017-02-05 19:58 - 2016-03-16 19:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-05 19:58 - 2014-10-01 19:29 - 01073664 ___SH C:\Users\Lisa\Desktop\Thumbs.db
2017-02-05 19:56 - 2016-11-30 18:10 - 00000000 ____D C:\Users\Lisa\AppData\Local\Battle.net
2017-02-05 19:14 - 2013-08-21 22:56 - 00148372 _____ C:\WINDOWS\system32\slmgr.vbs
2017-02-05 19:14 - 2013-08-21 15:52 - 00148372 _____ C:\WINDOWS\SysWOW64\slmgr.vbs
2017-02-05 16:43 - 2016-11-20 02:01 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\Mozilla
2017-02-05 03:04 - 2014-09-16 01:10 - 00000000 ___RD C:\Users\Lisa\SkyDrive
2017-02-04 19:16 - 2016-04-08 05:26 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-02-04 19:14 - 2014-10-27 10:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-04 19:14 - 2014-09-16 00:45 - 596394374 _____ C:\WINDOWS\MEMORY.DMP
2017-02-04 19:14 - 2013-12-09 01:24 - 00000025 ___SH C:\WINDOWS\SysWOW64\ReadTag.ini
2017-02-04 19:14 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-04 19:13 - 2015-07-24 07:56 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-04 19:12 - 2016-01-08 06:22 - 00000000 ____D C:\ProgramData\ProductData
2017-02-04 19:12 - 2013-08-22 05:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-04 09:32 - 2016-04-07 17:58 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-02 12:07 - 2014-10-02 00:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 12:07 - 2014-10-02 00:20 - 00000000 ____D C:\ProgramData\Skype
2017-01-30 09:52 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\Cursors
2017-01-29 18:29 - 2015-10-15 23:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-29 15:40 - 2016-11-17 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-29 15:40 - 2014-09-16 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 02:21 - 2014-09-29 16:16 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\DVD Flick
2017-01-28 10:44 - 2014-09-28 21:27 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\uTorrent
2017-01-27 04:41 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-26 00:27 - 2014-09-16 01:12 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1929467248-3834011559-1931454703-1002
2017-01-25 03:56 - 2016-01-13 01:19 - 00000000 ____D C:\Program Files\KMSpico
2017-01-25 03:11 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\registration
2017-01-25 02:45 - 2014-10-31 17:58 - 00213504 ___SH C:\Users\Lisa\Downloads\Thumbs.db
2017-01-25 01:21 - 2014-09-27 20:16 - 00809326 _____ C:\WINDOWS\system32\perfh00C.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00807752 _____ C:\WINDOWS\system32\perfh00A.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00805344 _____ C:\WINDOWS\system32\perfh013.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00801092 _____ C:\WINDOWS\system32\perfh010.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00796688 _____ C:\WINDOWS\system32\prfh0816.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00762180 _____ C:\WINDOWS\system32\perfh007.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00457804 _____ C:\WINDOWS\system32\prfh0404.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00166140 _____ C:\WINDOWS\system32\perfc00A.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00163756 _____ C:\WINDOWS\system32\prfc0816.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00161920 _____ C:\WINDOWS\system32\perfc013.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00158828 _____ C:\WINDOWS\system32\perfc007.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00158774 _____ C:\WINDOWS\system32\perfc00C.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00156010 _____ C:\WINDOWS\system32\perfc010.dat
2017-01-25 01:21 - 2014-09-27 20:16 - 00135458 _____ C:\WINDOWS\system32\prfc0404.dat
2017-01-25 01:21 - 2013-12-09 01:04 - 07167462 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-19 02:33 - 2015-09-06 12:01 - 00000000 ____D C:\Users\Lisa\AppData\LocalLow\Fishing Planet LLC
2017-01-19 02:05 - 2016-02-21 18:37 - 00000000 ____D C:\Users\Lisa\AppData\Local\Ubisoft Game Launcher
2017-01-18 23:57 - 2014-10-02 00:21 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Skype
2017-01-17 01:24 - 2016-03-16 19:01 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-17 01:24 - 2015-05-13 23:39 - 00000000 ___RD C:\Users\Lisa\OneDrive
2017-01-17 01:24 - 2014-09-16 09:13 - 00000000 ____D C:\Users\Lisa\AppData\Local\Adobe
2017-01-17 01:24 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-17 01:24 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-14 03:06 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-11 00:58 - 2016-04-07 17:58 - 00003850 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-10 10:31 - 2016-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Car Driving
2017-01-10 10:21 - 2016-05-09 10:52 - 00000872 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-10 04:02 - 2014-09-28 21:19 - 00000000 ____D C:\ProgramData\F5 Networks
2017-01-10 04:01 - 2013-08-22 07:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-07 22:16 - 2014-11-18 04:51 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Files in the root of some directories =======

2015-03-26 11:14 - 2015-03-26 11:14 - 0005542 _____ () C:\Users\Lisa\AppData\Roaming\JDWLIJ
2015-03-26 11:14 - 2015-03-26 11:14 - 0004185 _____ () C:\Users\Lisa\AppData\Roaming\OYFMLT
2015-02-07 05:46 - 2015-02-07 05:46 - 0000392 _____ () C:\Users\Lisa\AppData\Roaming\Result.txt
2015-07-27 12:07 - 2015-07-27 12:07 - 0099029 _____ () C:\Users\Lisa\AppData\Roaming\Uninstal.exe
2015-01-31 05:14 - 2015-09-06 09:11 - 0006656 _____ () C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-22 08:33 - 2015-06-22 08:33 - 0000036 _____ () C:\Users\Lisa\AppData\Local\housecall.guid.cache
2014-11-30 04:32 - 2016-11-09 03:10 - 0007609 _____ () C:\Users\Lisa\AppData\Local\Resmon.ResmonCfg
2016-04-06 08:54 - 2016-07-13 23:40 - 0061248 _____ () C:\Users\Lisa\AppData\Local\rx_audio.Cache
2016-04-06 08:53 - 2016-07-13 23:39 - 1324464 _____ () C:\Users\Lisa\AppData\Local\rx_image32.Cache
2014-10-10 11:22 - 2014-10-10 11:22 - 0000004 _____ () C:\ProgramData\data.00B
2013-12-09 01:10 - 2013-12-09 01:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-10 11:23 - 2014-10-10 11:23 - 0000089 _____ () C:\ProgramData\laucnher.log
2016-07-31 07:44 - 2016-07-31 07:44 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-01-18 01:50 - 2017-01-18 19:33 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Lisa\AppData\Local\Temp\drm_dyndata_7370014.dll
2017-01-10 09:47 - 2017-01-10 09:47 - 0916480 ___SH (Microsoft Corp.) C:\Users\Lisa\AppData\Local\Temp\PATCHER.EXE
2017-01-25 03:05 - 2017-01-25 03:05 - 1042784 _____ (Microsoft Corporation) C:\Users\Lisa\AppData\Local\Temp\PidGenX.dll
2017-01-10 09:47 - 2017-01-10 09:48 - 0124416 _____ () C:\Users\Lisa\AppData\Local\Temp\PLUGININSTALLER.EXE
2017-01-10 09:47 - 2017-01-10 09:48 - 2230784 _____ () C:\Users\Lisa\AppData\Local\Temp\SAPPHIRE OFX PATCH 64BIT.EXE
2017-01-10 09:47 - 2017-01-10 09:48 - 1017856 _____ () C:\Users\Lisa\AppData\Local\Temp\SAPPHIRE.OFX.6.10-PATCH64.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-03 02:46

==================== End of FRST.txt ============================

The Addition.txt will be added as an attachment.


And Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2017-02-05
Scan Time: 8:15 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.05.06
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Lisa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 461755
Time Elapsed: 46 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE, , [0951336c5a4ecb6b7499d532f70dc937],
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DLLHOST.EXE, , [0951336c5a4ecb6b7499d532f70dc937],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.HeuristicsReservedWordExploit, C:\dllhost.exe, , [0951336c5a4ecb6b7499d532f70dc937],

Physical Sectors: 0
(No malicious items detected)


(end)
Attached Files
File Type: txt Addition.txt (63.4 KB, 36 views)
 
Old 02-11-2017, 02:45 AM   #2
Registered Member
 
AngelinaSkye's Avatar
 



"BUMP, please"
Old 02-18-2017, 09:55 PM   #3
Registered Member
 
AngelinaSkye's Avatar
 



This was my original post:

https://www.techsupportforum.com/foru...t-1179401.html

I posted originally on Feb 5th, and per the instructions replied to my post with "Bump please" and that was a week ago and still no reply?
 
Old 02-19-2017, 12:01 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
The only issue I have ever had was when I used refresh to fix a computer issue less than a year after I bought it, which ended up deactivating the Windows which was pre-installed when I bought my PC from Best Buy. I contacted Best Buy and Microsoft to no avail and finally contacted ASUS, who said it was because I had Windows 8 initially and had upgraded to Windows 8.1, which was why the key embedded into my PC wasn't working, because my PC was running 8.1 and not 8, and my only option to get it fixed was to ship my PC to some foreign country so they could have it for who knows how many weeks, so I kept it as is and have learned to tolerate that activate Windows screen that pops up every 3 or so hours (usually when I'm gaming and it's most likely to kill me lol). As a result I can not do Windows updates cuz if I try it gets stuck in a never ending loop of installing updates, updates failed, rolling back updates for literally like 6 hours.

First, your machine is running Win8, not Win8.1.

Also, you are running software used to illegally activate Windows/Office. Forum rules do not allow us to give help to users running illegal copies of Windows/Office, or running software to illegally activate Windows/Office.

Microsoft actively tries to help users with activation problems, because they want users to run legal copies of Windows.

Sorry, but if you cannot resolve the issue with Microsoft/Best Buy, there's nothing we can do either. This thread will now be closed.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015