
Slow computer and repeatedly freezing screen


  • This topic is locked
9 replies to this topic

#1 LadyS

LadyS

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:21 AM

Posted 22 December 2015 - 08:22 PM

Hi, 

 

I think I was infected while browsing the internet and my free AVG was turned off (didn't notice it was) about 1.5 weeks ago. The computer has been slow opening, the internet browser takes a long time to open and freezes repeatedly, and sometimes the whole computer freezes and even 'Task Manager' doesn't open before at least 1-2 min.

 

I have installed free AVAST and tried to remove AVG, which just doesn't want to uninstall... like whatever I do, whenever I try to uninstall AVG, I have a window popping up that says "AVG has stop working" and closes the program, and it doesn't uninstall. So I have both AVG (turned off) and AVAST (turned on) on my computer.

 

I have tried to erase temporary files and defragment the disk, and most of my stuff is saved on a separate internal disk (not C disk). The problem remains despite all that. I'm not computer savvy and I don't know what to do next. I was able to save the content of my other disks but haven't been able to back up anything from C disk... so if it is possible to solve the issue without losing my programs, that would be great!

 

 

 

Please see below the FRST copy-paste: 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Lix (administrator) on LIX-PC (22-12-2015 20:07:21)
Running from C:\Users\Lix\Desktop
Loaded Profiles: Lix (Available Profiles: Lix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [agentantidote.exe] => C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe [947712 2013-06-14] (Druide informatique inc.)
HKLM-x32\...\Run: [agentantidote64.exe] => C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe [83968 2013-06-14] (Druide informatique inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-16] (AVAST Software)
HKU\S-1-5-21-9550187-3546826477-2711852638-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-03-28]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Lix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-03-31]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BE289E1-3447-470A-A7CE-05D300FD09D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-9550187-3546826477-2711852638-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.ecosia.org/
HKU\S-1-5-21-9550187-3546826477-2711852638-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKU\S-1-5-21-9550187-3546826477-2711852638-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={585B7E5B-B789-4B1F-83D0-71602006A627}&mid=951b4914e81547d2b61641affc25a193-d98721e17b756a05a014d291a867bb73dfdf9ed0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615av&pr=fr&d=2015-06-12 19:14:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-16] (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-06]
CHR Extension: (Google Drive) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Avast Online Security) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
CHR Extension: (Gmail) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-03-31] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-16] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-11] (Digital Wave Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-16] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 20:07 - 2015-12-22 20:07 - 00015387 _____ C:\Users\Lix\Desktop\FRST.txt
2015-12-22 20:05 - 2015-12-22 20:07 - 00000000 ____D C:\FRST
2015-12-22 20:05 - 2015-12-22 20:05 - 02370560 _____ (Farbar) C:\Users\Lix\Downloads\FRST64 (1).exe
2015-12-22 20:04 - 2015-12-22 20:04 - 02370560 _____ (Farbar) C:\Users\Lix\Desktop\FRST64.exe
2015-12-17 16:27 - 2015-12-17 16:37 - 00000000 ____D C:\Users\Lix\AppData\Local\Microsoft Games
2015-12-16 18:40 - 2015-12-22 19:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-16 18:40 - 2015-12-16 18:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-16 18:29 - 2015-12-16 18:29 - 00000000 ____D C:\Users\Lix\AppData\Roaming\AVAST Software
2015-12-16 18:29 - 2015-12-16 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-16 18:29 - 2015-12-16 18:28 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-16 18:28 - 2015-12-20 12:33 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-16 18:28 - 2015-12-20 12:33 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-16 18:28 - 2015-12-20 12:28 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-16 18:28 - 2015-12-16 18:28 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1450632790433
2015-12-16 18:28 - 2015-12-16 18:28 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.1450632790433
2015-12-16 18:28 - 2015-12-16 18:28 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-16 18:28 - 2015-12-16 18:28 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-16 18:28 - 2015-12-16 18:28 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-16 18:26 - 2015-12-16 18:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-15 23:24 - 2015-12-15 23:24 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-12-15 23:13 - 2015-12-15 23:24 - 00000000 ___RD C:\Users\Lix\Desktop\Medias
2015-12-15 20:07 - 2015-12-15 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-12-15 20:07 - 2015-12-15 20:07 - 02895464 _____ (AVG Technologies) C:\Users\Lix\Downloads\AVG_Protection_Free_1115.exe
2015-12-13 14:09 - 2015-12-13 14:10 - 26089352 _____ (DVDVideoSoft Ltd. ) C:\Users\Lix\Downloads\FreeDailymotionDownload.exe
2015-12-10 21:09 - 2015-12-10 21:09 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-03 18:55 - 2015-12-03 18:48 - 30177880 _____ (TomTom International B.V.) C:\Users\Lix\Downloads\InstallMyDriveConnect_4_0_7_2442.exe
2015-12-02 21:11 - 2015-12-02 21:11 - 00000000 ____D C:\Users\Lix\AppData\Local\Topaz Labs
2015-11-30 19:42 - 2015-11-30 19:42 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Alien Skin
2015-11-30 19:38 - 2015-11-30 19:38 - 00000000 ____D C:\Users\Lix\AppData\Local\Alien Skin
2015-11-30 19:38 - 2015-11-30 19:38 - 00000000 ____D C:\Users\Lix\.AS
2015-11-30 19:37 - 2015-11-30 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-30 19:37 - 2015-11-30 19:37 - 00000000 ____D C:\Program Files\7-Zip
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\Program Files (x86)\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:27 - 00000000 ____D C:\Program Files\Topaz Labs
2015-11-30 19:26 - 2015-11-30 19:26 - 00000000 ____D C:\Users\Lix\AppData\Local\PackageAware
2015-11-30 19:24 - 2015-12-01 23:38 - 00000000 ____D C:\Users\Lix\AppData\Roaming\ON1
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\ProgramData\Nalpeiron
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ON1
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\Program Files\ON1
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\Program Files (x86)\ON1
2015-11-30 19:23 - 2015-12-01 23:19 - 00000000 ____D C:\ProgramData\ON1
2015-11-30 19:23 - 2015-11-30 19:23 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-11-30 19:21 - 2015-11-30 19:38 - 00000000 ____D C:\ProgramData\Alien Skin
2015-11-30 19:21 - 2015-11-30 19:21 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alien Skin Software
2015-11-30 19:21 - 2015-11-30 19:21 - 00000000 ____D C:\Program Files\Alien Skin
2015-11-30 19:21 - 2015-11-30 19:21 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2015-11-30 19:15 - 2015-11-30 19:15 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Lix-PC-Lix
2015-11-30 19:15 - 2015-11-30 19:15 - 00000000 ____D C:\Users\Lix\AppData\Roaming\NVIDIA
2015-11-30 19:15 - 2015-11-30 19:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-11-30 19:14 - 2015-11-30 19:14 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-11-30 19:14 - 2015-11-30 19:14 - 00000000 ____D C:\Users\Lix\Documents\Adobe
2015-11-30 19:12 - 2015-11-30 19:21 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-30 19:10 - 2015-11-30 19:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-30 19:10 - 2015-11-30 19:10 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-11-30 19:10 - 2015-11-30 19:10 - 00000000 ____D C:\Program Files\Adobe
2015-11-26 14:55 - 2015-11-26 14:55 - 00438778 _____ C:\Users\Lix\Downloads\westjet.zip
2015-11-26 14:55 - 2015-11-26 14:55 - 00000000 ____D C:\Users\Lix\Downloads\westjet
2015-11-25 18:04 - 2015-11-25 18:04 - 00234060 _____ C:\Users\Lix\Downloads\Baggage Declaration Form 2015.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 20:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-22 19:54 - 2014-03-28 17:29 - 00000000 ____D C:\Users\Lix\AppData\Local\Google
2015-12-22 19:25 - 2014-03-28 17:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-22 19:08 - 2014-03-28 17:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-22 19:08 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-22 19:08 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-22 09:21 - 2015-10-23 21:43 - 00000000 ____D C:\Users\Lix\AppData\Local\AvgSetupLog
2015-12-22 09:13 - 2014-03-27 22:00 - 00000000 ____D C:\Users\Lix\AppData\Local\Adobe
2015-12-21 00:04 - 2014-03-28 22:33 - 00000000 ___RD C:\Users\Lix\Desktop\Security
2015-12-17 16:19 - 2014-05-19 20:38 - 00000000 ____D C:\Windows\Minidump
2015-12-17 15:46 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-17 15:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-17 15:41 - 2014-03-27 21:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-17 15:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-16 18:40 - 2014-03-28 17:29 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-16 18:40 - 2014-03-28 17:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 18:28 - 2015-06-18 11:41 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-15 23:36 - 2014-03-27 19:16 - 00000000 ____D C:\Users\Lix\AppData\Local\MFAData
2015-12-15 23:33 - 2014-03-27 19:16 - 00000000 ____D C:\ProgramData\MFAData
2015-12-15 23:31 - 2015-10-23 21:45 - 00000000 ____D C:\ProgramData\Avg
2015-12-15 23:24 - 2014-03-28 18:43 - 00000000 ____D C:\Users\Lix\AppData\Roaming\DVDVideoSoft
2015-12-15 23:24 - 2014-03-28 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-12-15 20:10 - 2015-06-12 18:15 - 00000000 ____D C:\Users\Lix\AppData\Local\AVG Web TuneUp
2015-12-15 20:07 - 2014-04-26 15:43 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-14 17:40 - 2015-05-25 15:48 - 00000000 ____D C:\Users\Lix\AppData\Local\Avg
2015-12-09 19:15 - 2014-04-26 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-05 18:20 - 2014-03-28 17:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 18:20 - 2014-03-28 17:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 18:19 - 2014-03-27 22:01 - 00000000 ____D C:\ProgramData\Adobe
2015-12-03 18:56 - 2014-03-28 22:35 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-12-02 13:18 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-30 19:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2015-11-30 19:38 - 2014-03-27 19:08 - 00000000 ____D C:\Users\Lix
2015-11-30 19:24 - 2014-03-27 21:25 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Adobe
2015-11-30 19:23 - 2014-03-27 19:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-23 18:28 - 2014-03-28 22:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 18:27 - 2014-03-28 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-23 18:27 - 2014-03-28 22:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 
Some files in TEMP:
====================
C:\Users\Lix\AppData\Local\Temp\avguirn_08373585025.exe
C:\Users\Lix\AppData\Local\Temp\avguirn_08596686901.exe
C:\Users\Lix\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Lix\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 12:31
 
==================== End of FRST.txt ============================



#2 LadyS

LadyS
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:21 AM

Posted 23 December 2015 - 04:25 PM

Update (which I don't know if it's related to the initial issue)... 

 

 

I am now getting a Windows pop-up called Network Error that says "Another computer on this network has the same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows system event log."



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 24 December 2015 - 11:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's do this first.

"AVG which just doesn't want to uninstall."

Download and run the AVG uninstaller. Select the program that meets the version you have installed.
http://www.avg.com/us-en/utilities

When completed restart the computer normally.

Run the Farbar tool and post a fresh FRST log for my review.

Let me know what problem persists.

#4 LadyS

LadyS
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:21 AM

Posted 25 December 2015 - 03:51 PM

Hi and thank you for your quick reply! 

 

I followed the exact steps you provided me with and was able to uninstall AVG. After restarting the computer the 2nd time, I was also able to remove AVG Zen from Control Panel Programs and I believe there is nothing left of AVG on my computer. 

 

However, the same problems are persisting. In such a short timeframe it is hard for me to be certain, but I believe that the overall freezing screen time has decreased - making it slow but for less long than before your answer.

 

 

Please see below new FRST: 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Lix (administrator) on LIX-PC (25-12-2015 15:38:19)
Running from C:\Users\Lix\Desktop
Loaded Profiles: Lix (Available Profiles: Lix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
(Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_228_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will 
 
not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-
 
20] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA
 
\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [agentantidote.exe] => C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe 
 
[947712 2013-06-14] (Druide informatique inc.)
HKLM-x32\...\Run: [agentantidote64.exe] => C:\Program Files (x86)\Druide\Antidote 
 
7\Programmes64\agentantidote64.exe [83968 2013-06-14] (Druide informatique inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-16] (AVAST 
 
Software)
HKU\S-1-5-21-9550187-3546826477-2711852638-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST 
 
Software\Avast\ashShA64.dll [2015-12-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-03-28]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft 
 
Corporation)
Startup: C:\Users\Lix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-03-31]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 
 
(Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BE289E1-3447-470A-A7CE-05D300FD09D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-9550187-3546826477-2711852638-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
 
hxxps://www.ecosia.org/
HKU\S-1-5-21-9550187-3546826477-2711852638-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache 
 
= hxxp://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKU\S-1-5-21-9550187-3546826477-2711852638-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
 
hxxps://mysearch.avg.com/search?cid={585B7E5B-B789-4B1F-83D0-71602006A627}&mid=951b4914e81547d2b61641affc25a193-
 
d98721e17b756a05a014d291a867bb73dfdf9ed0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615av&pr=fr&d=2015-06-12 
 
19:14:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast
 
\aswWebRepIE64.dll [2015-12-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google 
 
Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast
 
\aswWebRepIE.dll [2015-12-16] (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google 
 
Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google 
 
Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google 
 
Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} 
 
hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} 
 
hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} 
 
hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared
 
\Web Folders\PKMCDO.DLL [2001-01-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities
 
\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-
 
02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program 
 
Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] 
 
(NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision
 
\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update
 
\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update
 
\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe 
 
Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities
 
\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\aohghmighlieiainnegkcijnfilokake [2015-10-06]
CHR Extension: (Google Drive) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
CHR Extension: (YouTube) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
CHR Extension: (Avast Online Security) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\gomekmidlodglbbmalcneegieacbdmki [2015-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
CHR Extension: (Gmail) - C:\Users\Lix\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast
 
\WebRep\Chrome\aswWebRepChrome.crx [2015-12-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless 
 
listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-
 
03-31] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-16] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service
 
\AL6Licensing.exe [79360 2014-03-27] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service
 
\CTAELicensing.exe [79360 2014-03-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative 
 
Technology Ltd) [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-
 
12-11] (Digital Wave Ltd.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] 
 
(Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless 
 
listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-16] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless 
 
listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-25 14:40 - 2015-12-25 14:40 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Lix\Downloads
 
\avg_remover_stf_x64_2015_5501.exe
2015-12-25 14:40 - 2015-12-25 14:40 - 00063302 _____ C:\Users\Lix\Downloads\avgremover_msilog.txt
2015-12-25 14:28 - 2015-12-25 14:28 - 00000000 ___SD C:\Users\Lix\AppData\LocalLow\Temp
2015-12-22 20:07 - 2015-12-25 15:38 - 00013976 _____ C:\Users\Lix\Desktop\FRST.txt
2015-12-22 20:07 - 2015-12-22 20:08 - 00031704 _____ C:\Users\Lix\Desktop\Addition.txt
2015-12-22 20:05 - 2015-12-25 15:38 - 00000000 ____D C:\FRST
2015-12-22 20:05 - 2015-12-22 20:05 - 02370560 _____ (Farbar) C:\Users\Lix\Downloads\FRST64 (1).exe
2015-12-22 20:04 - 2015-12-22 20:04 - 02370560 _____ (Farbar) C:\Users\Lix\Desktop\FRST64.exe
2015-12-17 16:27 - 2015-12-17 16:37 - 00000000 ____D C:\Users\Lix\AppData\Local\Microsoft Games
2015-12-16 18:40 - 2015-12-25 14:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-16 18:40 - 2015-12-16 18:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-16 18:29 - 2015-12-16 18:29 - 00000000 ____D C:\Users\Lix\AppData\Roaming\AVAST Software
2015-12-16 18:29 - 2015-12-16 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST 
 
Software
2015-12-16 18:29 - 2015-12-16 18:28 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-16 18:28 - 2015-12-20 12:33 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-16 18:28 - 2015-12-20 12:33 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-16 18:28 - 2015-12-20 12:28 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-16 18:28 - 2015-12-16 18:28 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-16 18:28 - 2015-12-16 18:28 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-16 18:28 - 2015-12-16 18:28 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-16 18:28 - 2015-12-16 18:28 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-16 18:26 - 2015-12-16 18:26 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-15 23:24 - 2015-12-15 23:24 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-12-15 23:13 - 2015-12-15 23:24 - 00000000 ___RD C:\Users\Lix\Desktop\Medias
2015-12-15 20:07 - 2015-12-15 20:07 - 02895464 _____ (AVG Technologies) C:\Users\Lix\Downloads
 
\AVG_Protection_Free_1115.exe
2015-12-13 14:09 - 2015-12-13 14:10 - 26089352 _____ (DVDVideoSoft Ltd. ) C:\Users\Lix\Downloads
 
\FreeDailymotionDownload.exe
2015-12-10 21:09 - 2015-12-10 21:09 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-03 18:55 - 2015-12-03 18:48 - 30177880 _____ (TomTom International B.V.) C:\Users\Lix\Downloads
 
\InstallMyDriveConnect_4_0_7_2442.exe
2015-12-02 21:11 - 2015-12-02 21:11 - 00000000 ____D C:\Users\Lix\AppData\Local\Topaz Labs
2015-11-30 19:42 - 2015-11-30 19:42 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Alien Skin
2015-11-30 19:38 - 2015-11-30 19:38 - 00000000 ____D C:\Users\Lix\AppData\Local\Alien Skin
2015-11-30 19:38 - 2015-11-30 19:38 - 00000000 ____D C:\Users\Lix\.AS
2015-11-30 19:37 - 2015-11-30 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-30 19:37 - 2015-11-30 19:37 - 00000000 ____D C:\Program Files\7-Zip
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Microsoft\Windows\Start Menu
 
\Programs\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz 
 
Labs
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:28 - 00000000 ____D C:\Program Files (x86)\Topaz Labs
2015-11-30 19:27 - 2015-11-30 19:27 - 00000000 ____D C:\Program Files\Topaz Labs
2015-11-30 19:26 - 2015-11-30 19:26 - 00000000 ____D C:\Users\Lix\AppData\Local\PackageAware
2015-11-30 19:24 - 2015-12-01 23:38 - 00000000 ____D C:\Users\Lix\AppData\Roaming\ON1
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\ProgramData\Nalpeiron
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ON1
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\Program Files\ON1
2015-11-30 19:24 - 2015-11-30 19:24 - 00000000 ____D C:\Program Files (x86)\ON1
2015-11-30 19:23 - 2015-12-01 23:19 - 00000000 ____D C:\ProgramData\ON1
2015-11-30 19:23 - 2015-11-30 19:23 - 00000000 ____D C:\Windows\SysWOW64\spool
2015-11-30 19:21 - 2015-11-30 19:38 - 00000000 ____D C:\ProgramData\Alien Skin
2015-11-30 19:21 - 2015-11-30 19:21 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Microsoft\Windows\Start Menu
 
\Programs\Alien Skin Software
2015-11-30 19:21 - 2015-11-30 19:21 - 00000000 ____D C:\Program Files\Alien Skin
2015-11-30 19:21 - 2015-11-30 19:21 - 00000000 ____D C:\Program Files (x86)\Alien Skin
2015-11-30 19:15 - 2015-11-30 19:15 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Lix-PC-Lix
2015-11-30 19:15 - 2015-11-30 19:15 - 00000000 ____D C:\Users\Lix\AppData\Roaming\NVIDIA
2015-11-30 19:15 - 2015-11-30 19:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-11-30 19:14 - 2015-11-30 19:14 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 
 
Photoshop CC 2015.lnk
2015-11-30 19:14 - 2015-11-30 19:14 - 00000000 ____D C:\Users\Lix\Documents\Adobe
2015-11-30 19:12 - 2015-11-30 19:21 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-30 19:10 - 2015-11-30 19:14 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-30 19:10 - 2015-11-30 19:10 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 
 
Application Manager.lnk
2015-11-30 19:10 - 2015-11-30 19:10 - 00000000 ____D C:\Program Files\Adobe
2015-11-26 14:55 - 2015-11-26 14:55 - 00438778 _____ C:\Users\Lix\Downloads\westjet.zip
2015-11-26 14:55 - 2015-11-26 14:55 - 00000000 ____D C:\Users\Lix\Downloads\westjet
2015-11-25 18:04 - 2015-11-25 18:04 - 00234060 _____ C:\Users\Lix\Downloads\Baggage Declaration Form 2015.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-25 15:25 - 2014-03-28 17:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 15:17 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-
 
1.C7483456-A289-439d-8115-601632D005A0
2015-12-25 15:17 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-
 
0.C7483456-A289-439d-8115-601632D005A0
2015-12-25 15:16 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-25 15:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-25 15:12 - 2015-10-23 21:45 - 00000000 ____D C:\ProgramData\Avg
2015-12-25 15:12 - 2014-04-26 15:43 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-25 15:11 - 2015-10-23 21:43 - 00000000 ____D C:\Users\Lix\AppData\Local\AvgSetupLog
2015-12-25 15:09 - 2014-03-28 17:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-25 15:09 - 2014-03-27 21:51 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-25 15:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 14:42 - 2009-07-14 00:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-25 14:40 - 2014-03-27 19:16 - 00000000 ____D C:\Users\Lix\AppData\Local\MFAData
2015-12-25 14:31 - 2014-03-27 22:00 - 00000000 ____D C:\Users\Lix\AppData\Local\Adobe
2015-12-22 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-22 19:54 - 2014-03-28 17:29 - 00000000 ____D C:\Users\Lix\AppData\Local\Google
2015-12-21 00:04 - 2014-03-28 22:33 - 00000000 ___RD C:\Users\Lix\Desktop\Security
2015-12-17 16:19 - 2014-05-19 20:38 - 00000000 ____D C:\Windows\Minidump
2015-12-16 18:40 - 2014-03-28 17:29 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows
 
\SysWOW64\FlashPlayerApp.exe
2015-12-16 18:40 - 2014-03-28 17:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows
 
\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 18:28 - 2015-06-18 11:41 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-15 23:24 - 2014-03-28 18:43 - 00000000 ____D C:\Users\Lix\AppData\Roaming\DVDVideoSoft
2015-12-15 23:24 - 2014-03-28 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs
 
\DVDVideoSoft
2015-12-15 20:10 - 2015-06-12 18:15 - 00000000 ____D C:\Users\Lix\AppData\Local\AVG Web TuneUp
2015-12-14 17:40 - 2015-05-25 15:48 - 00000000 ____D C:\Users\Lix\AppData\Local\Avg
2015-12-05 18:20 - 2014-03-28 17:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-05 18:20 - 2014-03-28 17:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-05 18:19 - 2014-03-27 22:01 - 00000000 ____D C:\ProgramData\Adobe
2015-12-03 18:56 - 2014-03-28 22:35 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
2015-12-02 13:18 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-30 19:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2015-11-30 19:38 - 2014-03-27 19:08 - 00000000 ____D C:\Users\Lix
2015-11-30 19:24 - 2014-03-27 21:25 - 00000000 ____D C:\Users\Lix\AppData\Roaming\Adobe
2015-11-30 19:23 - 2014-03-27 19:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
Some files in TEMP:
====================
C:\Users\Lix\AppData\Local\Temp\avguirn_08373585025.exe
C:\Users\Lix\AppData\Local\Temp\avguirn_08596686901.exe
C:\Users\Lix\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Lix\AppData\Local\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 12:31
 
==================== End of FRST.txt ============================


#5 nasdaq


Posted 26 December 2015 - 08:58 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => 0
SearchScopes: HKU\S-1-5-21-9550187-3546826477-2711852638-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
hxxps://mysearch.avg.com/search?cid={585B7E5B-B789-4B1F-83D0-71602006A627}&mid=951b4914e81547d2b61641affc25a193-d98721e17b756a05a014d291a867bb73dfdf9ed0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615av&pr=fr&d=2015-06-12 19:14:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-16]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the log for my review.

I also need to see the Addition.txt log that was created by the Farbar tool.

Please post it.

How is the computer running now?

#6 LadyS


Posted 26 December 2015 - 02:50 PM

Hi again! 
 
Please see below the fixlog. See also attached the addition text.

 

Hard to say given the short timeframe between doing the fixlog and replying, but I don't see any significant change in the computer speed. I thought it worked better after the first step that I followed (your first post) but it was actually without improvement as my computer still froze and continued to be slow. It seems that sometimes it works almost as usual, and some other time, it just doesn't....  

Fixlog: 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Lix (2015-12-26 13:41:56) Run:1
Running from C:\Users\Lix\Desktop
Loaded Profiles: Lix (Available Profiles: Lix)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-18\...\Run: [] => 0
SearchScopes: HKU\S-1-5-21-9550187-3546826477-2711852638-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
hxxps://mysearch.avg.com/search?cid={585B7E5B-B789-4B1F-83D0-71602006A627}&mid=951b4914e81547d2b61641affc25a193-d98721e17b756a05a014d291a867bb73dfdf9ed0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615av&pr=fr&d=2015-06-12 19:14:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-16]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-9550187-3546826477-2711852638-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
hxxps://mysearch.avg.com/search?cid={585B7E5B-B789-4B1F-83D0-71602006A627}&mid=951b4914e81547d2b61641affc25a193-d98721e17b756a05a014d291a867bb73dfdf9ed0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615av&pr=fr&d=2015-06-12 19:14:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms} => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File] => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EmptyTemp: => 2.2 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-26 13:45:28)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 13:45:28 ====

Attached Files
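
The Fixlog above mixes successful removals with two "No automatic fix found" errors and a file that was still in place after the reboot; both errored lines are the tail ends of entries that were wrapped across lines in the pasted FRST.txt. The following Python triage of a Fixlog is an added example, not part of the thread and not Farbar's code. The function names, the status labels and the abridged sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the Fixlog posted in this thread, abridged.
# The long mysearch.avg.com URL is shortened with "..." for readability.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CloseProcesses:
HKU\S-1-5-18\...\Run: [] => 0
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
hxxps://mysearch.avg.com/search?cid=...&q={searchTerms} => Error: No automatic fix found for this entry.
Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File] => Error: No automatic fix found for this entry.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EmptyTemp: => 2.2 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-26 13:45:28)

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 13:45:28 ====
'''

# Outcome text (right of " => ") mapped to a status label.
# The labels are this example's own, not FRST terminology.
STATUS_RULES = [
    (re.compile(r"removed successfully\.?$", re.I), "removed"),
    (re.compile(r"temporary data removed\.?$", re.I), "removed"),
    (re.compile(r"not found\.?$", re.I), "not_found"),
    (re.compile(r"^Error: No automatic fix found", re.I), "unparsed"),
    (re.compile(r"^Scheduled to move on reboot", re.I), "pending_reboot"),
    (re.compile(r"^Could not move\.?$", re.I), "move_failed"),
]


def result_section(text):
    """Return the lines after the echoed fixlist.

    The fixlist is echoed between two rows of asterisks and itself contains
    " => " (for example "Run: [] => 0"), so it must not be parsed as results.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    start = stars[-1] + 1 if stars else 0
    return lines[start:]


def classify(outcome):
    """Map the outcome text of one result line to a status label."""
    for pattern, status in STATUS_RULES:
        if pattern.search(outcome):
            return status
    return "other"


def parse_fixlog(text):
    """Return (target, status) for every 'target => outcome' result line."""
    results = []
    for line in result_section(text):
        # Split on the last " => " so targets containing "=>" stay whole.
        target, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue
        results.append((target.strip(), classify(outcome.strip())))
    return results


def summarize(results):
    """Count result lines per status."""
    return Counter(status for _, status in results)


def needs_followup(results):
    """Lines FRST could not interpret, and files still in place after the reboot."""
    return [(t, s) for t, s in results if s in ("unparsed", "move_failed")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, status in needs_followup(parsed):
        print(f"{status:12} {target}")
```

An "unparsed" entry means that line of the fixlist did nothing, so the item it was meant to address is untouched and the fixlist line should be compared against the complete, unwrapped log entry.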



#7 nasdaq


Posted 27 December 2015 - 09:07 AM

Check the integrity of your Hard Disk.

Run this command from the DOS prompt: chkdsk /f (notice the space after chkdsk).

Refer to this page for additional information on the chkdsk command.

http://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

Any improvement?

#8 LadyS


Posted 28 December 2015 - 04:11 PM

Hi

There are no errors from the disk check.

The computer seems to be OK for now but will monitor for a week and make a new post if there are any issues.

If you do not see anything else that is suspicious then this can be closed off.

Thank you for your time :)



#9 nasdaq


Posted 29 December 2015 - 08:20 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
I will leave this topic open for 6 days.

#10 nasdaq


Posted 04 January 2016 - 02:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



