Constant process hanging


  • This topic is locked
37 replies to this topic

#1 hypno17

Posted 16 November 2015 - 03:08 PM

Hello, everyone. I've recently encountered an issue that is a nuisance. Processes constantly hang, and there's also another problem that has been bugging me for quite a bit, and that's the speed of ALL of my web browsers. They're EXTREMELY slow at all times, even when I'm doing absolutely nothing. Both of these have been happening fairly recently, and I'm not sure why that is. Thanks for the help in advance, and the required information is attached below.

 

 

EDIT: There has also been a random network device appearing. I'm not sure where this is coming from.

Edited by hypno17, 16 November 2015 - 03:10 PM.



#2 hypno17

Posted 17 November 2015 - 05:20 PM

(Meant to put this below instead of an attachment, and for whatever reason I cannot edit my first post.)
I have also noticed some weird behavior. Random files appear without my knowledge, and occasionally COMODO will end without my input.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by PGK (administrator) on CHESTERPC (15-11-2015 13:00:20)
Running from C:\Users\PGK\Downloads
Loaded Profiles: PGK (Available Profiles: PGK)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\puush\puush.exe
(Akamai Technologies, Inc.) C:\Users\PGK\AppData\Local\Akamai\netsession_win.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Akamai Technologies, Inc.) C:\Users\PGK\AppData\Local\Akamai\netsession_win.exe
(Cisco) C:\Users\PGK\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
() C:\Users\PGK\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Octoshape ApS) C:\Users\PGK\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\PGK\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\PGK\AppData\Roaming\Spotify\SpotifyCrashService.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 5\CyberGhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\KillSwitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Users\Public\Downloads\Norton\{NIS2250215-SHPD-FSD51083}\FSDUI_Custom.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-28] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-01] (LogMeIn Inc.)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-11] (Valve Corporation)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568392 2015-03-30] ()
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Akamai NetSession Interface] => C:\Users\PGK\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [PCShowServer] => C:\Users\PGK\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Octoshape Streaming Services] => C:\Users\PGK\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Spotify] => C:\Users\PGK\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-08] (Spotify Ltd)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Spotify Web Helper] => C:\Users\PGK\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-08] (Spotify Ltd)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [GoogleChromeAutoLaunch_C1AAA5D6DC371E698F6357F5D4386D37] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-12] (Google Inc.)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe [2034040 2015-11-15] (Symantec Corporation) <===== ATTENTION
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-08-10] (CyberGhost S.R.L.)
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [MyComGames] => C:\Users\PGK\AppData\Local\MyComGames\MyComGames.exe [4278728 2015-11-12] (MY.COM B.V.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2015-08-06]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-10-28]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\PGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-03-24]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\..\Interfaces\{974A50D2-89C0-4E4E-9D90-27FD18731C8D}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{974A50D2-89C0-4E4E-9D90-27FD18731C8D}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A0712C59-6416-441E-9D15-2588C6C8EFAB}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{A0712C59-6416-441E-9D15-2588C6C8EFAB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {61D277B2-4891-46AA-A338-ED98D855B47B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3758727133-4133580591-622938360-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3758727133-4133580591-622938360-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-09] (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3758727133-4133580591-622938360-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\PGK\AppData\Roaming\Mozilla\Firefox\Profiles\prwdnfuo.default
FF SearchEngineOrder.3: Bing 
FF Homepage: hxxp://us.yahoo.com?fr=fp-comodo
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Keyword.URL: hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2013-12-29] ()
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @my.com/Games -> C:\Users\PGK\AppData\Local\MyComGames\NPMyComDetector.dll [2015-10-31] (My.com, Inc)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @nds.com/PlayerPlugin -> C:\Users\PGK\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @nds.com/PlayerPlugin64 -> C:\Users\PGK\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @nsroblox.roblox.com/launcher -> C:\Users\PGK\AppData\Local\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\PGK\AppData\Local\Roblox\Versions\version-9d174e484c8b493e\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\PGK\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PGK\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: NDS.com/PlayerPlugin -> C:\Users\PGK\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-3758727133-4133580591-622938360-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\PGK\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-02-27] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-08-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-08-01] [not signed]
FF Extension: No Name - C:\Users\PGK\AppData\Roaming\Mozilla\Firefox\Profiles\prwdnfuo.default\extensions\plugin@starstable.com [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-12]
CHR Extension: (Google Docs) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Norton Security Toolbar) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-08-06]
CHR Extension: (YouTube) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-11]
CHR Extension: (Google Search) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Sheets) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Riggy) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmhgjmnoajcllmonagkncffamgggmoc [2014-04-21]
CHR Extension: (Norton Identity Safe) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-23]
CHR Extension: (Roblox Forum Enhancer) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcpdfglmclgjedmjhiakmmgkcibkimod [2014-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Hide My Ass - VPN) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocneleoikjgphlhjpeoabocgcegemegd [2014-07-10]
CHR Extension: (Enhanced Steam) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-11-01]
CHR Extension: (Roblox Item Notifier) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldkompphpomjnkphhphjfggbadhdlfo [2014-10-10]
CHR Extension: (Gmail) - C:\Users\PGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-11-14] ()
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2014-12-27] (altPUG LLC)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-08-10] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-30] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-10-28] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
S4 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [235744 2015-04-26] (EasyAntiCheat Ltd)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-24] (WildTangent)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-28] (Comodo Security Solutions, Inc.)
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589520 2015-06-03] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-01] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-11-11] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-11-14] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-11] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2014-04-15] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-02-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2015-10-22] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-08-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-22] (Symantec Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-01] (LogMeIn Inc.)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130820.006\IDSvia64.sys [520280 2013-08-20] (Symantec Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-11-11] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-11] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-11-11] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130821.002\ENG64.SYS [126040 2013-08-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130821.002\EX64.SYS [2098776 2013-08-22] (Symantec Corporation)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2014-04-15] (Realtek Semiconductor Corp.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-30] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-13] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 cpuz138; \??\C:\Users\PGK\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 13:00 - 2015-11-15 13:02 - 00037724 _____ C:\Users\PGK\Downloads\FRST.txt
2015-11-15 12:59 - 2015-11-15 12:59 - 02198528 _____ (Farbar) C:\Users\PGK\Downloads\FRST64.exe
2015-11-15 12:02 - 2015-11-15 12:05 - 279808000 _____ C:\Users\PGK\Downloads\kav_rescue_10.iso
2015-11-15 11:35 - 2015-11-15 11:35 - 53039104 _____ C:\Users\PGK\Downloads\comodo_rescue_disk_2.0.261647.1.iso
2015-11-15 11:08 - 2015-11-15 11:09 - 00001478 _____ C:\Users\PGK\Desktop\Norton Download Manager.lnk
2015-11-15 09:35 - 2015-11-15 09:35 - 00000000 ____D C:\Users\PGK\AppData\Roaming\Comodo
2015-11-15 07:54 - 2015-11-15 07:54 - 05637834 _____ (Swearware) C:\Users\PGK\Downloads\ComboFix.exe
2015-11-15 05:22 - 2015-11-15 05:22 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\PGK\Downloads\iexplorer (2).exe
2015-11-14 11:54 - 2015-11-14 11:54 - 00000000 _____ C:\Users\PGK\Downloads\668.tmp
2015-11-14 11:50 - 2015-11-14 11:50 - 00138584 _____ (Kaspersky Lab ZAO) C:\Users\PGK\Downloads\iexplorer.exe
2015-11-14 08:45 - 2015-11-14 08:45 - 00001957 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-14 08:45 - 2015-11-14 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-14 08:44 - 2015-11-14 08:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-14 07:52 - 2015-11-14 07:56 - 00000000 ____D C:\Program Files (x86)\DayZLauncher
2015-11-14 07:52 - 2015-11-14 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DayZLauncher
2015-11-14 07:50 - 2015-11-14 07:51 - 14967177 _____ (Maca134 ) C:\Users\PGK\Downloads\setup_dzlauncher.exe
2015-11-14 03:55 - 2015-11-14 03:55 - 00142744 _____ C:\Users\PGK\Downloads\vtuploader2.2.exe
2015-11-14 03:55 - 2015-11-14 03:55 - 00002094 _____ C:\Users\PGK\Desktop\VirusTotal Uploader 2.2.lnk
2015-11-14 03:55 - 2015-11-14 03:55 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2015-11-13 05:35 - 2015-11-11 02:53 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-13 05:35 - 2015-11-11 02:53 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 08:33 - 2015-11-11 08:33 - 00002419 _____ C:\Users\PGK\Documents\ss.txt
2015-11-11 05:33 - 2015-11-11 05:33 - 00679936 _____ C:\Users\PGK\Downloads\Detection (2).msi
2015-11-11 05:32 - 2015-11-11 05:32 - 00679936 _____ C:\Users\PGK\Downloads\Detection (1).msi
2015-11-11 03:50 - 2015-11-12 19:44 - 00053636 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-11-11 03:50 - 2015-11-11 03:50 - 00000000 ___HD C:\VTRoot
2015-11-11 03:42 - 2015-11-11 03:42 - 04419352 _____ (Piriform Ltd) C:\Users\PGK\Downloads\Defraggler64.exe
2015-11-11 03:42 - 2015-11-11 03:42 - 03503384 _____ (Piriform Ltd) C:\Users\PGK\Downloads\Defraggler.exe
2015-11-11 03:42 - 2015-11-11 03:42 - 01555736 _____ (Piriform Ltd) C:\Users\PGK\Downloads\df64.exe
2015-11-11 03:42 - 2015-11-11 03:42 - 01275160 _____ (Piriform Ltd) C:\Users\PGK\Downloads\df.exe
2015-11-11 03:42 - 2015-11-11 03:42 - 00000000 ____D C:\Users\PGK\Downloads\lang
2015-11-11 03:42 - 2014-04-09 13:05 - 00164632 _____ (Piriform Ltd) C:\Users\PGK\Downloads\DefragglerShell.dll
2015-11-11 03:42 - 2014-04-09 13:05 - 00106264 _____ (Piriform Ltd) C:\Users\PGK\Downloads\DefragglerShell64.dll
2015-11-11 03:42 - 2013-08-20 14:35 - 00005540 _____ C:\Users\PGK\Downloads\License.txt
2015-11-11 03:42 - 2012-06-05 10:35 - 00000010 _____ C:\Users\PGK\Downloads\portable.dat
2015-11-11 03:37 - 2015-11-11 03:37 - 04776783 _____ C:\Users\PGK\Downloads\dfsetup218.zip
2015-11-11 02:55 - 2015-11-11 02:55 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 02:55 - 2015-11-11 02:55 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 02:55 - 2015-11-11 02:55 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 02:55 - 2015-11-11 02:55 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 02:55 - 2015-11-11 02:55 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 02:55 - 2015-11-11 02:55 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 02:55 - 2015-11-11 02:55 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 02:55 - 2015-10-13 09:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 02:55 - 2015-09-12 05:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 02:54 - 2015-11-11 02:54 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 02:54 - 2015-11-11 02:54 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 02:54 - 2015-11-11 02:54 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 02:54 - 2015-11-11 02:54 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 02:54 - 2015-11-11 02:54 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 02:54 - 2015-11-11 02:54 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 02:54 - 2015-11-11 02:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 02:54 - 2015-11-11 02:54 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 02:54 - 2015-11-11 02:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 02:54 - 2015-11-11 02:54 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 02:53 - 2015-11-11 02:53 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 02:53 - 2015-11-11 02:53 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 02:53 - 2015-11-11 02:53 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 02:53 - 2015-11-11 02:53 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 02:51 - 2015-11-11 02:51 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 02:51 - 2015-11-11 02:51 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 02:51 - 2015-11-11 02:51 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 02:51 - 2015-11-11 02:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 02:51 - 2015-11-11 02:51 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-11 02:51 - 2015-11-11 02:51 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 02:51 - 2015-11-11 02:51 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 02:51 - 2015-11-11 02:51 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-10 09:20 - 2015-11-10 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-04 05:39 - 2015-11-04 05:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\PGK\Downloads\mbar-1.09.3.1001.exe
2015-11-03 13:08 - 2015-11-03 13:08 - 00004810 _____ C:\Users\PGK\Documents\Tweaking.com - Windows Repair - Pre-Scan.txt
2015-11-03 12:45 - 2015-11-03 12:45 - 00003652 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-11-03 12:45 - 2015-11-03 12:45 - 00002182 _____ C:\Users\PGK\Desktop\Tweaking.com - Windows Repair.lnk
2015-11-03 12:45 - 2015-11-03 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-03 12:44 - 2015-11-03 12:44 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-03 12:34 - 2015-11-03 12:34 - 20656848 _____ (Tweaking.com) C:\Users\PGK\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-11-03 11:40 - 2015-11-03 11:40 - 00002209 _____ C:\Users\PGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-11-03 11:40 - 2015-11-03 11:40 - 00000000 ___RD C:\Users\PGK\SkyDrive
2015-11-02 02:28 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini
2015-11-01 05:08 - 2015-11-01 05:40 - 1126567936 _____ C:\Users\PGK\Downloads\-Oceanofgames.com-supreme.ruler.ultimate.iso
2015-11-01 03:36 - 2015-11-01 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-01 03:36 - 2015-11-01 03:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-10-31 10:25 - 2015-10-31 10:25 - 00000128 _____ C:\Users\PGK\Desktop\Armored Warfare.url
2015-10-31 10:25 - 2015-10-31 10:25 - 00000000 ____D C:\Users\PGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Armored Warfare MyCom Beta
2015-10-31 09:33 - 2015-11-01 15:24 - 00002218 _____ C:\Users\PGK\Desktop\My.com Game Center.lnk
2015-10-31 09:33 - 2015-10-31 10:10 - 00000000 ____D C:\MyGames
2015-10-31 09:33 - 2015-10-31 09:33 - 00000000 ____D C:\Users\PGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2015-10-31 09:32 - 2015-11-15 07:37 - 00000000 ____D C:\Users\PGK\AppData\Local\MyComGames
2015-10-31 09:32 - 2015-10-31 09:32 - 05468656 _____ (MY.COM B.V.) C:\Users\PGK\Downloads\ArmwarMycomLoader_en.exe
2015-10-30 11:37 - 2015-11-15 12:40 - 00000000 ____D C:\Users\PGK\AppData\LocalLow\BitTorrent
2015-10-28 00:53 - 2015-10-28 00:53 - 00002036 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-10-28 00:53 - 2015-10-28 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-10-26 11:11 - 2015-11-01 03:36 - 00045680 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2015-10-26 07:40 - 2015-10-26 07:40 - 943060620 _____ C:\WINDOWS\MEMORY.DMP
2015-10-24 09:43 - 2015-10-24 09:43 - 04216840 _____ (Microsoft Corporation) C:\Users\PGK\Downloads\vcredist_x86.exe
2015-10-24 05:51 - 2015-10-24 05:51 - 00000221 _____ C:\Users\PGK\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
2015-10-24 05:31 - 2015-10-24 05:31 - 00000221 _____ C:\Users\PGK\Desktop\Call of Duty Modern Warfare 2.url
2015-10-24 04:51 - 2015-10-24 04:51 - 00000381 _____ C:\WINDOWS\DirectX.log
2015-10-24 01:52 - 2015-10-24 01:52 - 00564662 _____ C:\Users\PGK\Downloads\lol.htm
2015-10-23 02:56 - 2015-10-23 02:57 - 00000000 ____D C:\Users\PGK\AppData\Roaming\com.rosettastone.languagetraining
2015-10-23 02:55 - 2015-10-23 02:55 - 00001172 _____ C:\Users\Public\Desktop\Rosetta Stone.lnk
2015-10-22 08:44 - 2015-10-22 08:44 - 00000244 _____ C:\Users\PGK\Desktop\TSAR BOMBA ARGON.txt
2015-10-22 03:12 - 2015-10-22 03:12 - 00000000 ____D C:\Program Files (x86)\ESET
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 13:00 - 2015-10-10 10:58 - 00000000 ____D C:\FRST
2015-11-15 13:00 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-15 12:55 - 2015-10-12 04:31 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-11-15 12:43 - 2015-10-12 06:31 - 01599968 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-15 12:40 - 2015-06-11 03:48 - 00000000 ____D C:\Users\PGK\AppData\Roaming\BitTorrent
2015-11-15 12:37 - 2015-06-29 06:25 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-15 12:37 - 2015-06-29 06:25 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-15 12:37 - 2014-03-25 05:05 - 00000000 ____D C:\Users\PGK\AppData\Roaming\TS3Client
2015-11-15 12:37 - 2014-02-16 08:29 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 12:35 - 2013-05-20 14:13 - 00000000 ____D C:\ProgramData\Norton
2015-11-15 12:24 - 2015-02-27 07:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-15 11:38 - 2015-10-10 05:58 - 00000000 ____D C:\Users\PGK\AppData\Local\CrashDumps
2015-11-15 11:30 - 2014-11-21 00:44 - 01260572 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-15 11:27 - 2015-10-15 02:39 - 00001680 _____ C:\WINDOWS\setupact.log
2015-11-15 11:09 - 2015-08-02 11:33 - 00001317 _____ C:\Users\PGK\Desktop\Norton Installation Files.lnk
2015-11-15 11:09 - 2015-02-23 21:23 - 00040960 ___SH C:\Users\PGK\Desktop\Thumbs.db
2015-11-15 09:35 - 2015-10-12 04:25 - 00000000 ____D C:\ProgramData\Comodo
2015-11-15 09:33 - 2014-08-01 23:16 - 00000000 ____D C:\Users\PGK\AppData\Local\TSVNCache
2015-11-15 09:10 - 2013-08-03 06:34 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9CE8E787-85C7-4172-9578-92E9D3D2A805}
2015-11-15 07:40 - 2014-07-25 06:45 - 00000000 ____D C:\Users\PGK\AppData\Local\LogMeIn Hamachi
2015-11-15 07:38 - 2015-06-29 06:28 - 00000000 ___RD C:\Users\PGK\Dropbox
2015-11-15 07:38 - 2015-06-29 06:25 - 00000000 ____D C:\Users\PGK\AppData\Local\Dropbox
2015-11-15 07:38 - 2013-08-22 01:29 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-15 07:37 - 2014-12-28 12:52 - 00000000 ____D C:\Users\PGK\AppData\Roaming\Raptr
2015-11-15 07:36 - 2014-07-10 17:44 - 00000000 ____D C:\Users\PGK\AppData\Local\Spotify
2015-11-15 07:35 - 2014-02-16 08:29 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 07:35 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-15 07:34 - 2013-08-22 05:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-15 05:27 - 2015-10-15 18:34 - 00004002 _____ C:\WINDOWS\PFRO.log
2015-11-15 02:22 - 2013-08-03 06:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3758727133-4133580591-622938360-1001
2015-11-15 02:03 - 2014-12-13 03:50 - 00000000 ____D C:\Fraps
2015-11-14 12:05 - 2015-02-19 10:46 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-14 09:52 - 2015-06-18 10:31 - 00000000 ____D C:\Users\PGK\AppData\Local\ArmA 2 OA
2015-11-14 07:06 - 2014-11-12 07:23 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPGK.job
2015-11-14 03:50 - 2015-10-11 04:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-11-13 19:37 - 2014-02-09 07:15 - 00000000 ____D C:\Users\PGK\AppData\Roaming\Skype
2015-11-13 10:06 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-13 05:36 - 2015-02-19 10:53 - 00000000 ____D C:\Users\PGK
2015-11-13 05:34 - 2015-10-15 02:21 - 00501000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-13 05:30 - 2013-08-22 07:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 05:05 - 2015-10-10 04:14 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-13 04:50 - 2015-10-11 02:34 - 00000000 ____D C:\AdwCleaner
2015-11-12 12:55 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-11 13:23 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 08:25 - 2015-02-27 07:25 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-11 08:24 - 2015-10-14 09:24 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-11-11 08:12 - 2015-10-10 05:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-11 04:11 - 2015-10-10 05:16 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-11 04:11 - 2015-10-10 05:16 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-11 04:11 - 2015-10-10 05:16 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-11 04:11 - 2015-10-10 05:16 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-11 04:11 - 2015-10-10 05:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-11 04:11 - 2015-10-10 05:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-11 02:53 - 2014-11-21 00:39 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-10 09:20 - 2015-06-29 06:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-04 09:45 - 2015-10-10 08:18 - 00000000 ____D C:\Users\PGK\Desktop\mbar
2015-11-04 09:45 - 2015-10-10 08:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-03 12:42 - 2015-02-23 10:32 - 01704448 ___SH C:\Users\PGK\Downloads\Thumbs.db
2015-10-30 02:25 - 2015-01-06 08:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-28 00:53 - 2015-10-12 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-10-26 07:40 - 2015-03-31 03:48 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-26 06:44 - 2015-03-30 03:33 - 00000000 ____D C:\Users\PGK\AppData\Local\Warframe
2015-10-24 05:51 - 2015-10-15 09:07 - 00000000 ____D C:\Users\PGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-23 02:56 - 2014-05-02 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-10-23 02:56 - 2014-05-02 09:05 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2015-10-23 02:55 - 2014-05-02 09:05 - 00000000 ____D C:\ProgramData\Rosetta Stone Backups
2015-10-23 02:55 - 2014-05-02 09:05 - 00000000 ____D C:\ProgramData\Rosetta Stone
2015-10-22 08:13 - 2015-07-23 04:14 - 00000222 _____ C:\Users\PGK\Desktop\Insurgency.url
2015-10-22 03:00 - 2014-06-25 21:33 - 00040224 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\CFRMD.sys
 
==================== Files in the root of some directories =======
 
2014-07-31 19:33 - 2014-11-28 12:03 - 0000098 _____ () C:\Users\PGK\AppData\Roaming\LauncherSettings_live.cfg
2014-07-31 19:29 - 2014-12-06 08:18 - 0000039 _____ () C:\Users\PGK\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-05-17 02:29 - 2014-05-17 02:29 - 0000003 _____ () C:\Users\PGK\AppData\Local\updater.log
2014-05-17 02:29 - 2015-10-11 05:19 - 0000436 _____ () C:\Users\PGK\AppData\Local\UserProducts.xml
 
Files to move or delete:
====================
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe
C:\Users\PGK\Setup-4.5.5.0.exe
 
 
Some files in TEMP:
====================
C:\Users\PGK\AppData\Local\Temp\dllnt_dump.dll
C:\Users\PGK\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa2ljna.dll
C:\Users\PGK\AppData\Local\Temp\FSDUI_Custom.exe
C:\Users\PGK\AppData\Local\Temp\speccycpuid.dll
C:\Users\PGK\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-15 08:55
 
==================== End of FRST.txt ============================

Edited by hypno17, 18 November 2015 - 02:57 PM.


#3 Oh My!

Malware Response Instructor

Posted 19 November 2015 - 04:12 PM

Greetings hypno17 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Toolbar: HKU\S-1-5-21-3758727133-4133580591-622938360-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - C:\Users\PGK\AppData\Roaming\Mozilla\Firefox\Profiles\prwdnfuo.default\extensions\plugin@starstable.com [not found]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  <not found>
S3 cpuz138; \??\C:\Users\PGK\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
2015-11-14 11:54 - 2015-11-14 11:54 - 00000000 _____ C:\Users\PGK\Downloads\668.tmp
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe
C:\Users\PGK\Setup-4.5.5.0.exe
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe [2034040 2015-11-15] (Symantec Corporation) <===== ATTENTION
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 hypno17

Posted 19 November 2015 - 04:32 PM

Greetings, Oh My. Thanks for your assistance. Below are the items you requested, and Summary is attached.

 

Also, I'd like to report that disk usage is at a steady 90-99%, despite doing nothing.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by PGK (2015-11-20 04:51:54) Run:1
Running from C:\Users\PGK\Downloads
Loaded Profiles: PGK (Available Profiles: PGK)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Toolbar: HKU\S-1-5-21-3758727133-4133580591-622938360-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: No Name - C:\Users\PGK\AppData\Roaming\Mozilla\Firefox\Profiles\prwdnfuo.default\extensions\plugin@starstable.com [not found]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  <not found>
S3 cpuz138; \??\C:\Users\PGK\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
2015-11-14 11:54 - 2015-11-14 11:54 - 00000000 _____ C:\Users\PGK\Downloads\668.tmp
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe
C:\Users\PGK\Setup-4.5.5.0.exe
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe [2034040 2015-11-15] (Symantec Corporation) <===== ATTENTION
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
*****************
 
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
C:\Users\PGK\AppData\Roaming\Mozilla\Firefox\Profiles\prwdnfuo.default\extensions\plugin@starstable.com => path removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob" => key removed successfully
cpuz138 => service removed successfully
EagleX64 => service removed successfully
C:\Users\PGK\Downloads\668.tmp => moved successfully
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe => moved successfully
C:\Users\PGK\Setup-4.5.5.0.exe => moved successfully
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Norton Download Manager{NIS2250215-SHPD-FSD51083} => value removed successfully
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B} => moved successfully
 
=========  type "C:\ComboFix.txt" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
========================= File: C:\ComboFix.txt ========================
 
"C:\ComboFix.txt" => not found.
====== End of File: ======
 
 
==== End of Fixlog 04:51:57 ====


Edited by hypno17, 19 November 2015 - 04:41 PM.


#5 Oh My!

Posted 19 November 2015 - 05:21 PM

Thank you for the information.

Can you tell me how your computer performs in Safe Mode with Networking?
Gary
 

#6 hypno17

Posted 19 November 2015 - 05:32 PM

It performs a lot better than on a normal boot.



#7 Oh My!

Posted 19 November 2015 - 06:35 PM

Thank you, I suspected that would be the case.

Please do this now.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items


  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • How does your computer run in Clean Boot?

Gary
 

#8 hypno17

Posted 19 November 2015 - 06:51 PM

Performance is the same as a normal boot as far as I can see. I'm not exactly sure if this is of any value, but some services were not disabled when I looked at the list.


Edited by hypno17, 19 November 2015 - 06:53 PM.


#9 Oh My!

Posted 19 November 2015 - 06:57 PM

Was Spotify one of the ones not disabled?
Gary
 

#10 hypno17

Posted 19 November 2015 - 07:01 PM

From the list, "Norton Internet Security" (which I have not used in ages, nor enjoy using) was the only thing that had not been disabled.


Edited by hypno17, 19 November 2015 - 07:02 PM.


#11 Oh My!

Posted 19 November 2015 - 07:04 PM

Are you able to manually uncheck that item?


Gary
 

#12 hypno17

Posted 19 November 2015 - 07:06 PM

I am not able to disable it, no. Another piece of information that I believe may help you is that I am often greeted with a "Norton Download Manager"  popup every thirty minutes-hour or so. It is an annoyance, and I have tried to remove it to no success.


Edited by hypno17, 19 November 2015 - 07:08 PM.


#13 Oh My!

Posted 19 November 2015 - 07:23 PM

OK, thank you. We are going to get rid of Norton, although I have my eye on another program we might have to address. Please do this.

===================================================

Reversing Clean Boot State
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CloseProcesses:
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Norton Internet Security
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Check your computer performance
===================================================

Things I would like to see in your next reply.
  • Fixlog
  • Did Norton uninstall?
  • Update on computer performance

Gary
 

#14 hypno17

Posted 19 November 2015 - 08:02 PM

Norton is not in the list of programs to uninstall. My computer performance is the same as it had been before. 
The log is below
 
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by PGK (2015-11-20 08:07:06) Run:2
Running from C:\Users\PGK\Downloads
Loaded Profiles: PGK (Available Profiles: PGK)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}
*****************
 
Processes closed successfully.
"C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:07:08 ====
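
The two Fixlog posts above share one layout: an echo of fixlist.txt between rows of asterisks, then one "target => outcome" line per action. The Python sketch below is an added example, not part of the original thread and not FRST's own code; it tallies those outcome lines so that "not found" entries stand out. The sample log is constructed from lines in the thread, and the status labels (changed, absent, review) are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:19-11-2015
Ran by PGK (2015-11-20 04:51:54) Run:1
==============================================

fixlist content:
*****************
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
HKU\S-1-5-21-3758727133-4133580591-622938360-1001\...\Run: [Norton Download Manager{NIS2250215-SHPD-FSD51083}] => C:\Users\PGK\AppData\Local\Temp\{0F93528D-F178-4262-8067-774A8144737B}\Upgrade.exe [2034040 2015-11-15] (Symantec Corporation) <===== ATTENTION
C:\Users\PGK\Setup-4.5.5.0.exe
*****************

HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
EagleX64 => service removed successfully
C:\Users\PGK\Setup-4.5.5.0.exe => moved successfully
"C:\ComboFix.txt" => not found.

==== End of Fixlog 04:51:57 ====
"""

# Result lines read "<target> => <outcome>"; some targets are wrapped in quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<outcome>.+)$')


def classify(outcome):
    """Map an outcome phrase to 'changed', 'absent' or 'review'."""
    text = outcome.strip().rstrip(".").lower()
    if text.endswith("not found"):
        return "absent"   # nothing was there to act on
    if text.endswith("successfully"):
        return "changed"  # the item was removed or moved
    return "review"       # wording this sketch does not recognise


def parse_fixlog(text):
    """Return (target, outcome, status) for each result line in a Fixlog."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two rows of asterisks. Skip it: an
        # echoed entry can itself contain " => " (the Run: line above).
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        match = RESULT_RE.match(line)
        if match:
            outcome = match.group("outcome").strip()
            results.append((match.group("target"), outcome, classify(outcome)))
    return results


def summarize(results):
    """Count results per status so 'absent' and 'review' items stand out."""
    return Counter(status for _, _, status in results)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, outcome, status in parsed:
        if status != "changed":
            print(f"{status}: {target} ({outcome})")
```

Run against the second Fixlog in the thread, the Temp folder entry comes back as absent, which is consistent with the first run having already moved that folder.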


#15 Oh My!

Posted 19 November 2015 - 08:06 PM

OK, do this please.

===================================================

Norton Removal Tool for 2006 Product or Later

--------------------
  • Please download the Norton Removal Tool and save it to your desktop
  • Double click the icon
  • Select Run
  • Select Next
  • Select I accept the License Agreement, and then press Next
  • Type the security text on the screen into the box
  • Select Next and allow the process to run - Note: Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts
  • Click Finish on the Removal Completed screen
  • When finished, reboot your computer if not done automatically
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Norton uninstall?
  • Update on computer performance

Gary
 



