Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Bleeping comp freezing

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Bleeping comp freezing

Unread postby Ben11 » March 15th, 2017, 3:00 pm

comp keeps locking and freezing
tried to run frst and computer just gave an ominous loud bleeping noise
had to restart comp the frst wouldnt respond so had to run it 3 times to get it. keep stopping on scanning TCPIP and wouldnt go past that bit
dont know if virus or just computer ready to pack up?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Chris (administrator) on DELL-530 (15-03-2017 18:54:40)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\launcher.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.48.2066.120\SZBrowser_autoupdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-08-12] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-08-30] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-02-21]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-02-21]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-02-21]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2017-02-21]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.exe (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-16] (RealPlayer)
BHO: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF DefaultProfile: 2m53848d.default
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default [2017-03-15]
FF Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2017-02-26]
FF Extension: (Adblock Plus) - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2m53848d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-05-06] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-08-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Avast Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-05]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-06-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-14]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-08-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-30] (AVAST Software)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [295840 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-08-30] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219584 2017-03-15] (Malwarebytes)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 18:46 - 2017-03-15 18:54 - 00013355 _____ C:\Users\Chris\Desktop\FRST.txt
2017-03-15 18:44 - 2017-03-15 18:44 - 00000093 _____ C:\Windows\wininit.ini
2017-03-15 18:34 - 2017-03-15 18:46 - 00000000 ____D C:\FRST
2017-03-15 18:33 - 2017-03-15 18:33 - 01766912 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2017-03-15 15:58 - 2017-03-15 16:02 - 00000000 ____D C:\Users\Chris\Downloads\marm
2017-03-09 21:40 - 2017-03-15 18:31 - 00000000 ____D C:\AdwCleaner
2017-03-09 21:39 - 2017-03-09 21:39 - 04031440 _____ C:\Users\Chris\Desktop\AdwCleaner.exe
2017-03-09 17:43 - 2017-03-09 17:49 - 00000000 ____D C:\Users\Chris\Downloads\rs
2017-03-09 17:41 - 2017-03-15 18:30 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
2017-02-26 17:37 - 2017-03-15 18:44 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-26 17:37 - 2017-03-15 18:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-26 17:37 - 2017-02-26 17:37 - 00000818 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-26 17:37 - 2017-02-26 17:37 - 00000806 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-26 17:37 - 2017-02-26 17:37 - 00000806 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2017-02-26 17:16 - 2017-02-26 17:16 - 00448512 _____ (OldTimer Tools) C:\Users\Chris\Downloads\TFC.exe
2017-02-25 18:48 - 2017-02-25 18:48 - 00001106 _____ C:\Users\Chris\Desktop\mm.txt
2017-02-24 12:53 - 2017-02-24 12:53 - 15695400 _____ (Tuneskit, Inc. ) C:\Users\Chris\Downloads\AudibleConverter.exe
2017-02-21 16:12 - 2017-02-21 16:11 - 119327693 _____ C:\Users\Chris\Desktop\ILoveYouButImNotInLoveWithYouUnabridged_mp332_yHdUhlRpT8e3uJfIenv97BRl58OHopH3jKTn6FlqC_NARH3DwlSqknDt6.aa
2017-02-21 16:04 - 2017-02-21 16:05 - 24437019 _____ C:\Users\Chris\Downloads\AudibleConverter.dmg
2017-02-21 16:00 - 2017-02-21 16:00 - 00000000 ____D C:\Users\Chris\Documents\Any Video Converter Ultimate
2017-02-21 15:52 - 2017-02-21 15:52 - 00001927 _____ C:\Users\Chris\Desktop\Chromium.lnk
2017-02-21 15:52 - 2017-02-21 15:52 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium
2017-02-21 15:51 - 2017-02-21 15:52 - 00000000 ____D C:\Users\Chris\AppData\Local\chromium
2017-02-21 15:51 - 2017-02-21 15:51 - 00000000 ____D C:\Users\Chris\Documents\Any Audio Converter
2017-02-21 15:50 - 2017-02-21 16:13 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Anvsoft
2017-02-21 15:48 - 2017-02-24 12:46 - 00000000 ____D C:\Program Files\Anvsoft
2017-02-21 15:44 - 2017-02-21 15:44 - 00000000 ____D C:\Users\Chris\Documents\Aiseesoft Studio
2017-02-21 15:44 - 2017-02-21 15:44 - 00000000 ____D C:\Users\Chris\AppData\Local\Aiseesoft Studio
2017-02-21 15:43 - 2017-02-21 15:43 - 00000392 _____ C:\Users\Chris\Downloads\admhelper(2)
2017-02-21 15:37 - 2017-02-21 15:37 - 00000000 ____D C:\Users\Chris\Documents\AAX2MP3-1
2017-02-21 15:34 - 2017-02-21 15:36 - 00000000 ____D C:\Users\Chris\AppData\Local\WinZip
2017-02-21 15:34 - 2017-02-21 15:35 - 00000000 ____D C:\ProgramData\WinZip
2017-02-21 15:34 - 2017-02-21 15:34 - 00001820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2017-02-21 15:34 - 2017-02-21 15:34 - 00001814 _____ C:\Users\Public\Desktop\WinZip.lnk
2017-02-21 15:34 - 2017-02-21 15:34 - 00001814 _____ C:\ProgramData\Desktop\WinZip.lnk
2017-02-21 15:34 - 2017-02-21 15:34 - 00001788 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2017-02-21 15:34 - 2017-02-21 15:34 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-21 15:34 - 2017-02-21 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-21 15:34 - 2017-02-21 15:34 - 00000000 ____D C:\Program Files\WinZip
2017-02-21 15:32 - 2017-02-21 15:32 - 00712888 _____ (WinZip Computing, S.L.) C:\Users\Chris\Downloads\winzip21_downwz.exe
2017-02-21 15:32 - 2017-02-21 15:32 - 00000000 ____D C:\ProgramData\UniqueId
2017-02-21 15:31 - 2017-02-21 15:31 - 13385102 _____ C:\Users\Chris\Downloads\AAX2MP3.zip
2017-02-21 15:24 - 2017-02-21 15:24 - 00000423 _____ C:\Users\Chris\Downloads\admhelper(1)
2017-02-21 15:23 - 2017-02-21 15:24 - 00000000 ____D C:\Program Files\Audible
2017-02-21 15:23 - 2017-02-21 15:23 - 00255352 _____ (Audible, Inc.) C:\Windows\system32\awrdscdc.ax
2017-02-21 15:23 - 2017-02-21 15:23 - 00001706 _____ C:\Users\Chris\Desktop\Audible Manager.lnk
2017-02-21 15:23 - 2017-02-21 15:23 - 00000000 ____D C:\Users\Public\Documents\Audible
2017-02-21 15:23 - 2017-02-21 15:23 - 00000000 ____D C:\Users\Chris\Documents\Audible
2017-02-21 15:23 - 2017-02-21 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2017-02-21 15:23 - 2017-02-21 15:23 - 00000000 ____D C:\ProgramData\Documents\Audible
2017-02-21 15:22 - 2017-02-21 15:22 - 01730272 _____ (Audible Inc.) C:\Users\Chris\Downloads\ActiveSetupN.exe
2017-02-14 09:51 - 2017-02-14 09:57 - 369856312 _____ (Doctor Web, Ltd.) C:\Users\Chris\Downloads\drweb-11.0-ss-win.exe
2017-02-13 14:38 - 2017-02-14 17:53 - 00000000 ____D C:\Users\Chris\Downloads\lk
2017-02-13 14:05 - 2017-02-13 14:07 - 44364227 _____ C:\Users\Chris\Desktop\My DVD_Title1.mp4
2017-02-13 14:02 - 2017-02-13 14:02 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Digiarty
2017-02-13 13:59 - 2017-02-13 14:01 - 00000000 ____D C:\Users\Chris\Downloads\WinX DVD Ripper Platinum v7.5.12.141 Build 16.09.2015 + Serials {B@tman}
2017-02-13 13:47 - 2017-02-13 13:47 - 00000235 _____ C:\Users\Chris\Desktop\CD Drive - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-15 18:45 - 2016-11-19 22:46 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Mozilla
2017-03-15 18:40 - 2017-02-01 15:44 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-15 18:40 - 2016-10-17 20:10 - 00664082 _____ C:\Windows\ntbtlog.txt
2017-03-15 18:39 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-15 18:38 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-15 18:38 - 2006-11-02 12:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-15 18:38 - 2006-11-02 12:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-15 18:28 - 2013-07-23 21:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2017-03-14 21:47 - 2012-12-13 19:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-14 21:47 - 2012-12-13 19:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-14 21:47 - 2008-10-23 12:28 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-10 00:39 - 2006-11-02 13:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-28 21:38 - 2017-02-01 15:42 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-02-26 18:16 - 2016-02-24 14:25 - 00050688 _____ C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-26 18:16 - 2013-05-06 13:42 - 00000069 _____ C:\Windows\NeroDigital.ini
2017-02-26 18:16 - 2012-12-19 18:53 - 00000000 ____D C:\Users\Chris\AppData\Roaming\dvdcss
2017-02-26 17:15 - 2014-05-04 21:44 - 00001283 _____ C:\DelFix.txt
2017-02-26 17:14 - 2017-02-02 20:51 - 00000326 _____ C:\Users\Chris\Desktop\cdz.txt
2017-02-24 03:04 - 2013-08-14 02:08 - 00000000 ____D C:\Windows\system32\MRT
2017-02-24 03:01 - 2006-11-02 10:24 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe
2017-02-21 15:59 - 2011-02-04 12:24 - 00000000 ____D C:\Users\Chris
2017-02-21 15:59 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\inf
2017-02-21 15:49 - 2017-02-05 20:29 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2017-02-15 15:32 - 2017-02-01 15:44 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-14 19:28 - 2017-02-01 15:44 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-14 09:31 - 2016-03-06 17:13 - 00001041 _____ C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2017-02-14 09:31 - 2015-03-30 20:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Vso
2017-02-13 21:33 - 2011-12-28 14:53 - 00000000 ____D C:\Users\Chris\Documents\ConvertXToDVD

==================== Files in the root of some directories =======

2016-03-06 17:13 - 2017-02-14 09:31 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2016-05-16 19:15 - 2016-06-13 15:09 - 0001356 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2016-02-24 14:25 - 2017-02-26 18:16 - 0050688 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-15 18:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Chris (15-03-2017 18:57:18)
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2011-02-04 10:32:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled)
Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 3484544.-2.2005037430.2005036444 - Audible, Inc.)
Avast Internet Security (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies)
ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version: - )
InPlay IPTV (HKLM\...\{4CE87481-C78C-4543-9AA0-2117CD5BF917}) (Version: 4.0.0 - Cobain ltd)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Leawo Video Converter version 5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version: - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 52.0 ESR (x86 en-GB) (HKLM\...\Mozilla Firefox 52.0 ESR (x86 en-GB)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.0.6271 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl)
PressReader (HKLM\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.16.0115.0 - PressReader Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.40 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.1 - win.rar GmbH)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410C}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Chris\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1052CB3B-118E-4E56-8121-30C36CA58FCB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {2EEC41BC-155E-4FB6-B264-D9E2D9DC9DDA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {ADA93713-7718-4862-BB5D-22FC5C9AA169} - System32\Tasks\SafeZone scheduled Autoupdate 1449186754 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {C9BE9F1E-CC67-4EAF-B2B3-6D345758AD23} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-02-10] (WinZip)
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-30 04:50 - 2016-08-30 04:50 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-15 18:40 - 2017-03-15 18:40 - 05989584 _____ () C:\Program Files\AVAST Software\Avast\defs\17031501\algo.dll
2016-08-30 04:50 - 2016-08-30 04:50 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-18 13:54 - 2015-02-27 13:38 - 00214528 _____ () C:\Windows\System32\WSCM32.dll
2014-03-25 05:27 - 2013-03-08 09:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2017-02-01 15:42 - 2017-02-28 21:37 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-06-29 17:20 - 2016-06-29 17:20 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-26 07:44 - 2015-08-26 07:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5317 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-28 15:22 - 2017-02-25 18:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HDDHealth.lnk => C:\Windows\pss\HDDHealth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: ZAM => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{F4CFD83A-D58B-4331-9FC7-226F9784CDC4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{12BEC677-E9D6-44B9-BABE-F2063712476A}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{63B46E60-3403-4499-A84A-2E131052042D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-TCP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-Out-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMPNSS-WMP-In-UDP-NoScope-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{01072E77-9C3B-4616-930C-17F242C61391}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [UDP Query User{B4B0273B-6E73-4483-AA42-4F3F1458FF14}C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe] => (Block) C:\users\chris\desktop\pre-scan_6_31.05.2016.1.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => (Allow) C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe
FirewallRules: [{DFECEA6A-5846-4D8E-8A7E-7E8EA11DA650}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5820D49A-8C3F-4C48-B68B-9B51B26FF326}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\pre-scan_6_31.05.2016.1.exe] => Enabled:pre-scan_6_31.05.2016.1
StandardProfile\AuthorizedApplications: [C:\Users\Chris\Desktop\adsfix_3_09.06.2016.1.exe] => Enabled:adsfix_3_09.06.2016.1

==================== Restore Points =========================

04-03-2017 00:00:01 Scheduled Checkpoint
05-03-2017 00:00:03 Scheduled Checkpoint
06-03-2017 00:00:02 Scheduled Checkpoint
07-03-2017 00:00:01 Scheduled Checkpoint
09-03-2017 16:34:44 Scheduled Checkpoint
11-03-2017 00:00:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2017 12:41:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCALLOW\MOZILLA\TEMP-{7742B551-A726-4741-A3B0-4412EB39E8A0}\_AVAST_> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (03/10/2017 12:41:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCALLOW\MOZILLA\TEMP-{7742B551-A726-4741-A3B0-4412EB39E8A0}\_AVAST_> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/25/2017 06:37:10 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/25/2017 06:37:09 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/24/2017 01:12:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/24/2017 01:12:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/24/2017 01:12:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\PC8VIAZ2.DEFAULT USER\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/24/2017 01:04:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 23.2.2017.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 14d4
Start Time: 01d28e9e41391199
Termination Time: 0

Error: (02/24/2017 03:03:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/24/2017 03:03:55 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.


System errors:
=============
Error: (03/15/2017 06:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/15/2017 06:38:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:37:13 on 15/03/2017 was unexpected.

Error: (03/10/2017 12:40:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/10/2017 12:38:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (03/10/2017 12:38:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
A system shutdown is in progress.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/10/2017 12:38:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (03/10/2017 12:38:55 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (03/10/2017 12:38:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/10/2017 12:38:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/10/2017 12:38:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2017-03-15 18:57:01.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 18:57:01.480
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 18:57:01.153
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 18:57:00.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-24 13:07:50.584
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-24 13:07:50.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-24 13:07:49.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-24 13:07:49.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-24 13:07:49.211
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2017-02-24 13:07:48.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\MBAMChameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 80%
Total physical RAM: 3060.45 MB
Available physical RAM: 608.52 MB
Total Virtual: 6353.89 MB
Available Virtual: 3788.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:135.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ===========================
Ben11
Active Member
 
Posts: 2
Joined: March 15th, 2017, 2:48 pm
Advertisement
Register to Remove

Re: Bleeping comp freezing

Unread postby pgmigg » March 15th, 2017, 11:52 pm

Hello Ben11,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Looking to your logs I could not find any evidence of infections and it seems to me that your computer is clean.

Ben11 wrote:comp keeps locking and freezing
tried to run frst and computer just gave an ominous loud bleeping noise
The "ominous loud bleeping noise" usually indicates serious hardware problem which is more than possible today for the computer which is still running Windows Vista. Probably you are right with "just computer ready to pack up?"...

In any case, I recommend that you apply to a forum specializing in technical issues and if you decide to get suchl help for your not related to malware problems, I would like to refer you to a technical support forum like: Tech Support Guy .

Thank you,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3358
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Bleeping comp freezing

Unread postby pgmigg » March 16th, 2017, 11:27 am

Hi Ben11,

I would like to add one more thing here. Actually the long term support for Windows Vista SP2 terminates by Microsoft on 11th April 2017, and after that you will not be able to secure your Windows. So, if you are going to keep and use your computer you need to upgrade as a matter of some urgency.

Thank you,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3358
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Bleeping comp freezing

Unread postby Ben11 » March 16th, 2017, 3:39 pm

ok thanks
where my logs i enclosed clear?
Ben11
Active Member
 
Posts: 2
Joined: March 15th, 2017, 2:48 pm

Re: Bleeping comp freezing

Unread postby pgmigg » March 16th, 2017, 4:56 pm

Ben11 wrote:ok thanks
You are welcome!

Ben11 wrote:where my logs i enclosed clear?
Yes, they are clean - I don't see any kind of infection at all.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3358
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Bleeping comp freezing

Unread postby pgmigg » March 20th, 2017, 12:15 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3358
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: JustTheEngineer and 145 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware