Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is crashing and super slow, but can't find virus


  • This topic is locked This topic is locked
14 replies to this topic

#1 spalladino25

spalladino25

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 09 March 2016 - 10:19 PM

I keep running into performance issues. It's running like it's infected, but can't find any viruses. Please help. Thanks.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by bob (administrator) on BOB-HP (09-03-2016 22:09:48)
Running from C:\Users\bob\Downloads
Loaded Profiles: bob (Available Profiles: bob)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE
(Spotify Ltd) C:\Users\bob\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7461480 2011-09-08] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-20] (Avast Software s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Run: [Spotify Web Helper] => C:\Users\bob\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-04] (Spotify Ltd)
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Run: [Spotify] => C:\Users\bob\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-04] (Spotify Ltd)
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-07] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B745D4B7-57ED-469B-BFB8-A4983B90CEFF}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {5E5C050B-0D63-42AD-B6CB-9B5F79342796} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> {40E662BD-161A-4225-B123-042492FB8B8D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-07] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-03-09] (Oracle Corporation)
BHO-x32: Fantapper -> {8A86D350-37AB-410A-8531-7D1363F317B3} -> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-07] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-03-09] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-06-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1420523357-3488395053-7185236-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\bob\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-12] (Skype Limited)
FF Extension: RivalGaming  - C:\Users\bob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-08-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-07] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\bob\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-09]
CHR Extension: (Avast Online Security) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-15]
CHR Extension: (Skype) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\bob\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\Fantapper.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\bob\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-07] (Avast Software s.r.o.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [174176 2012-11-08] (Sony Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-13] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-07] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-16] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NUMARK_NS7II_MIDI; C:\Windows\System32\drivers\ns7ii_midi.sys [33536 2013-05-15] (Numark)
S3 NUMARK_NS7II_USB; C:\Windows\System32\Drivers\ns7ii_usb.sys [466688 2013-05-15] (Ploytec GmbH)
S3 NUMARK_NS7II_WDM; C:\Windows\System32\drivers\ns7ii_wdm.sys [55552 2013-05-15] (Numark)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-09-02] (Corel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 22:09 - 2016-03-09 22:10 - 00025033 _____ C:\Users\bob\Downloads\FRST.txt
2016-03-09 22:09 - 2016-03-09 22:09 - 00000000 ____D C:\FRST
2016-03-09 22:08 - 2016-03-09 22:09 - 02374144 _____ (Farbar) C:\Users\bob\Downloads\FRST64.exe
2016-03-09 20:42 - 2016-03-09 20:42 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-09 20:42 - 2016-03-09 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-04 23:11 - 2016-03-04 23:11 - 00193982 _____ C:\Users\bob\Downloads\EligibilityNotice.pdf
2016-02-18 23:46 - 2016-02-18 23:46 - 00000000 ____D C:\Users\bob\AppData\Local\YSearchUtil
2016-02-18 23:46 - 2016-02-18 23:46 - 00000000 ____D C:\Program Files (x86)\Yahoo!
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 21:49 - 2016-01-25 19:31 - 00000000 ____D C:\Users\bob\AppData\Local\Spotify
2016-03-09 21:49 - 2016-01-25 19:30 - 00000000 ____D C:\Users\bob\AppData\Roaming\Spotify
2016-03-09 21:46 - 2012-08-06 23:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-09 21:43 - 2013-10-12 00:22 - 00000000 ____D C:\Users\bob\AppData\Roaming\Skype
2016-03-09 21:31 - 2013-05-12 14:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 21:27 - 2012-06-21 20:08 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1420523357-3488395053-7185236-1000UA.job
2016-03-09 20:42 - 2015-08-02 19:56 - 00000000 ____D C:\Users\bob\AppData\Local\Skype
2016-03-09 20:42 - 2013-10-12 00:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-09 20:42 - 2011-12-28 16:21 - 00000000 ____D C:\ProgramData\Skype
2016-03-09 20:39 - 2016-01-21 21:09 - 00000000 ____D C:\Users\bob\.oracle_jre_usage
2016-03-09 20:38 - 2015-08-02 19:53 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-09 20:38 - 2015-08-02 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-09 20:37 - 2015-08-02 19:53 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-09 20:35 - 2012-07-12 23:24 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-09 20:30 - 2013-06-16 00:21 - 00000000 ____D C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-09 20:30 - 2013-06-16 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-09 20:30 - 2013-06-16 00:20 - 00000000 ____D C:\Program Files\WinRAR
2016-03-09 20:16 - 2011-12-28 16:38 - 00000000 ____D C:\ProgramData\PDFC
2016-03-09 20:05 - 2016-01-21 21:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 19:54 - 2015-07-13 21:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-09 19:53 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-09 19:52 - 2013-05-12 14:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 19:23 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-09 19:23 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-09 19:21 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-09 19:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-03-09 19:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-05 02:00 - 2012-08-22 14:39 - 00000000 ____D C:\Users\bob\AppData\Local\Adobe
2016-03-05 01:44 - 2012-05-28 21:36 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FB67B179-2E8A-4051-BB96-65C1141A234B}
2016-03-04 22:22 - 2013-10-03 23:04 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-26 02:44 - 2013-05-12 14:14 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-26 02:44 - 2013-05-12 14:14 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 22:29 - 2012-06-19 15:06 - 00000000 ____D C:\Users\bob\AppData\Roaming\vlc
2016-02-18 12:26 - 2012-06-21 20:08 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1420523357-3488395053-7185236-1000Core.job
2016-02-14 23:46 - 2012-08-06 23:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-14 23:46 - 2012-06-25 16:55 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-14 23:46 - 2011-12-28 16:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-05-08 19:04 - 2013-05-08 19:04 - 0007611 _____ () C:\Users\bob\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\bob\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\bob\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\bob\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\bob\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\bob\AppData\Local\Temp\vlc-2.1.2-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-01 20:15
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 10 March 2016 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Fantapper -> {8A86D350-37AB-410A-8531-7D1363F317B3} -> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll => No File
Toolbar: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-15]
CHR HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\bob\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-07]
CHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\Fantapper.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\bob\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <not found>
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

p.s.
Please post the Addition.txt file that was created by the Farbar tool for my review.

Please let me know what problem persists with this computer.

#3 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 10 March 2016 - 09:54 PM

Farbar completely crashed my computer. I had to restart it manually, so no log was created. What should I do now?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 11 March 2016 - 09:50 AM

The system crashed while you were running the filx.
I do not think that Farbar is at fault.

===

Can you download and run the AdwCleaner tool?

If all goes well try the Farbar fix again.

I will suggest that you change the location of the Farbar tool
It's presently running from this folder in bold. C:\Users\bob\Downloads

Copy or move the Farbar .exe file to your Desktop.
Copy or move the Fixlist.txt file you crated to your Desktop also.

Run the Farbar fix I suggested from the Desktop.

Post the log if you can.

p.s.
I really need to see the Addition.txt file that was created by the Farbar tool.
Please post it.

#5 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 14 March 2016 - 09:41 PM

AdwCleaner froze my computer as well. It wouldn't complete the cleanup.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 15 March 2016 - 07:59 AM

All the programs you run crashes your computer.
It's probablyr caused by some hardware problems, RAM etc...

If you have added some hardware and the problem started afterward check it out.

http://windows.microsoft.com/en-ca/windows7/open-the-hardware-and-devices-troubleshooter

===

Check your RAM
http://windows.microsoft.com/en-ca/windows7/diagnosing-memory-problems-on-your-computer

==

If all is well then please download and run this tool.

Who Crashed.

http://www.resplendence.com/whocrashed


Please download the free home edition of WhoCrashed to your Desktop from here whocra10.png and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Copy and paste the results in your next reply.

#7 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 15 March 2016 - 04:25 PM

Ok, this is what it said.

 

Computer name: BOB-HP
Windows version: Windows 7 Service Pack 1, 6.1, build: 7601
Windows dir: C:\Windows
Hardware: 120-1123w, Hewlett-Packard, Quanta, 2AC7
CPU: AuthenticAMD AMD E-450 APU with Radeon™ HD Graphics AMD586, level: 20
2 logical processors, active mask: 3
RAM: 3880407040 bytes total


 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer
 

Conclusion

Crash dumps are enabled but no valid crash dumps have been found. In case you are experiencing system crashes, it may be that crash dumps are prevented from being written out. Check out the following article for possible causes: If crash dumps are not written out.



Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further. 


Oh and the other scans were ok. They said everything was fine.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 16 March 2016 - 08:42 AM

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
==

Check for Missing or bad drivers.

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and updates all the programs/drivers that needs to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is an overkill. When all is well you can remove it using the Add/Remove programs applet when all is well.

#9 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 16 March 2016 - 06:43 PM

I did everything you asked and it seems to be running a little better. Is there anything else I should do?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 17 March 2016 - 06:50 AM

Were you able to complete all of my suggested fixes?

===

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take awhile, run it when you know you will not need the computer for an hour or two.
<<<>>>

#11 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 17 March 2016 - 11:08 AM

Here is Farbar scan and Adwcleaner. They both worked this time arounds.

 

Addition

 

 Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by bob (2016-03-09 22:11:19)
Running from C:\Users\bob\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-29 02:30:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
9CE214C28F9C45C59CE3 (S-1-5-21-1420523357-3488395053-7185236-1003 - Limited - Enabled)
Administrator (S-1-5-21-1420523357-3488395053-7185236-500 - Administrator - Disabled)
bob (S-1-5-21-1420523357-3488395053-7185236-1000 - Administrator - Enabled) => C:\Users\bob
Guest (S-1-5-21-1420523357-3488395053-7185236-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1420523357-3488395053-7185236-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.1 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digidesign ElevenRack Driver 1.0.8 (x64) (HKLM\...\{DFE96CF0-A611-40C4-AE24-2E4C21E3FF3E}) (Version: 1.0.8 - Digidesign)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free DigiRack Plug-Ins 8.0.3 (HKLM-x32\...\{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}) (Version: 8.0.3 - Digidesign, A Division of Avid Technology, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.4 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Ingeo Imaging Utility (HKLM\...\{5929E4DA-00B5-451E-8538-175D6ACD1355}) (Version: 4.11.1.13948 - Corporation Service Company)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.12 - PACE Anti-Piracy)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
M-Audio FastTrack Driver 6.0.6 (x64) (HKLM\...\{91A8C38A-0239-11E0-9658-189EDFD72085}) (Version: 6.0.6 - M-Audio)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\MyFreeCodec) (Version:  - )
NS7II USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deNumarkNS7II) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6456 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Serato DJ  (HKLM-x32\...\{5a323321-5ba4-4a1c-89e7-e9a92a792215}) (Version: 1.7.6.2583 - )
Serato DJ  (x32 Version: 1.7.6.2583 - Serato) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Sound Organizer (HKLM-x32\...\{53F7486D-41B5-4117-8914-A85B0DBDDC07}) (Version: 1.4.0.11260 - Sony Corporation)
Spotify (HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Download Manager (HKLM-x32\...\{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}) (Version: 16 - SupportSoft)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{B29DEFF3-258A-416E-BDBB-27B326B4FE71}) (Version: 8.0.2362.0 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vz In Home Agent (HKLM-x32\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1420523357-3488395053-7185236-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B1FF7B3-6176-499E-869A-62B106FC5748} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1420523357-3488395053-7185236-1000Core => C:\Users\bob\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {2F0BA048-F18E-4A9C-ABF6-DE3B8363820A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {420DA36E-98CC-47DC-8042-B886C90AAD87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4BD36A45-5F84-489F-8892-282F2A8BF9A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {4FC5B146-DCD3-44ED-B614-5AF60399166F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-14] (Adobe Systems Incorporated)
Task: {56664980-EE58-457D-9BA0-D3A59616F8C5} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {69420400-544F-480F-AC82-5B196C4AB60B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {6BB99BE2-4D83-4EBA-89A8-B7271874CE54} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)
Task: {6FB38428-AC78-4B27-AFE7-E2BE791B113B} - System32\Tasks\AdobeAAMUpdater-1.0-bob-HP-bob => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-25] (Adobe Systems Incorporated)
Task: {7B8C7EDE-B1CF-4737-9CE7-39B2645913EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {7C48F422-4890-4622-9737-DF3B68974818} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {82D07DE3-0F2E-41E9-8B49-04A1EF70FC26} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] ()
Task: {9AE13F63-2B74-406B-AC20-3DCAD26C772B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {AB2AF0F0-D5B7-4B28-8640-87A9A06699E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {B5711F9D-CBCD-47BD-A148-7FB46F99FD9D} - System32\Tasks\{CBE25AEE-F8F8-41B2-B08A-6BF907F4F134} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {BBC89A42-420E-418F-903F-8F0C35DA42C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {BD562AFD-5F92-49E1-A49B-4B5EC5EBD167} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {BEBB03B1-B13A-46D3-837B-E43A59C9B514} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1420523357-3488395053-7185236-1000UA => C:\Users\bob\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D3723F0C-46AF-4962-A0A6-67A7F252CBB2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {E0DD4519-2DED-4917-90D9-23894909A714} - System32\Tasks\{27B8E189-9535-4AC5-950F-848D1D7C47AF} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {FFB2A855-C891-4623-B685-3EBB1C520996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1420523357-3488395053-7185236-1000Core.job => C:\Users\bob\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1420523357-3488395053-7185236-1000UA.job => C:\Users\bob\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-13 13:17 - 2015-06-13 13:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2011-12-28 16:20 - 2009-02-27 22:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
2015-06-13 13:16 - 2015-06-13 13:16 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-06-07 01:14 - 2015-06-07 01:14 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-07 01:14 - 2015-06-07 01:14 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-04 22:22 - 2016-03-04 22:22 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030401\algo.dll
2016-03-09 19:16 - 2016-03-09 19:16 - 02838528 _____ () C:\Program Files\AVAST Software\Avast\defs\16030901\algo.dll
2015-06-09 21:36 - 2015-06-09 21:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-06-07 01:14 - 2015-06-07 01:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-28 16:20 - 2009-02-19 20:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL
2016-02-26 02:43 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-26 02:43 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft:5fOPloocdfpKI1yGD18P9xe [2122]
AlternateDataStreams: C:\ProgramData\Microsoft:EgTKEXzrxKYYb1EJZ6cyEGgpIGUE [2184]
AlternateDataStreams: C:\ProgramData\Microsoft:sP9lSZLmV6SVvSyzclK7QQS [2432]
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8 [118]
AlternateDataStreams: C:\Users\bob\Local Settings:78T9CPxZ9NULmA4IzxKcXPzff [2156]
AlternateDataStreams: C:\Users\bob\Local Settings:r4z3wra5bebcwTW9ZUdMsSQB [2254]
AlternateDataStreams: C:\Users\bob\Local Settings:s97Zui5Mp80DYrpaZPasL8mj [588]
AlternateDataStreams: C:\Users\bob\AppData\Local:78T9CPxZ9NULmA4IzxKcXPzff [2156]
AlternateDataStreams: C:\Users\bob\AppData\Local:r4z3wra5bebcwTW9ZUdMsSQB [2254]
AlternateDataStreams: C:\Users\bob\AppData\Local:s97Zui5Mp80DYrpaZPasL8mj [588]
AlternateDataStreams: C:\Users\bob\AppData\Local\Application Data:78T9CPxZ9NULmA4IzxKcXPzff [2156]
AlternateDataStreams: C:\Users\bob\AppData\Local\Application Data:r4z3wra5bebcwTW9ZUdMsSQB [2254]
AlternateDataStreams: C:\Users\bob\AppData\Local\Application Data:s97Zui5Mp80DYrpaZPasL8mj [588]
AlternateDataStreams: C:\Users\bob\AppData\Local\Temp:e26I0eCbO9sLnpydoHNbr [2400]
AlternateDataStreams: C:\Users\bob\AppData\Local\Temp:hvby1YVvI6qa7TY8zlQAFnilMc [1978]
AlternateDataStreams: C:\Users\bob\AppData\Local\Temporary Internet Files:5GFFdf7HKzTI3mqdVdIHgXL [1762]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\erecording.com -> erecording.com
IE trusted site: HKU\S-1-5-21-1420523357-3488395053-7185236-1000\...\ingeo.com -> ingeo.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-09-28 01:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\bob\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\bob\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 266772cbdb5147d08ba6d5343d638ed2-bbe84c35b657e0ecfc869b19acfb89c42fdb0779 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{76597605-D30C-493F-87B2-818AC4B282FA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{5AFF5C9C-BF08-4F8D-A119-68ACAE030A29}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{C7B3920C-D05B-4562-8E1E-582A7E1EA636}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{EE3FC342-872E-475E-A3B4-D0054C3CE07F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{5E2CBE7D-A526-4669-9973-7D5103519823}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{6304FB7A-950F-44BB-82F2-909EF9C2B382}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{9EB63E77-CB7E-44AF-86EB-D0F78C3AA64E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{19D2ADCF-B081-4CDB-ACBB-0E0C1A655634}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{ABCECABB-5A6F-40CD-ACCE-D27EDAFFE119}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5538B363-6DE4-42C5-AC82-D5DCC64C1229}] => (Allow) LPort=2869
FirewallRules: [{CF4BB2E5-8564-49E0-9CAB-6C7794BDDD68}] => (Allow) LPort=1900
FirewallRules: [{16B1BD41-FB0E-472C-A2E9-1C5E1DE3EDA4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{99DCCBA1-01B2-42A1-8969-78664F6AF505}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{A11E8C5E-A946-415B-8083-CD72E4C2A8D9}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [UDP Query User{99B8685B-758F-41A9-92B2-243926BC7926}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [{BCF588C6-AD5A-46F1-902D-702F4B4810D0}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{862FC287-D52A-48C3-86EF-E57258B1D3CD}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{A6C500BD-9CE5-451B-B5A9-4FD0E70EA7A0}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{F0A07F13-7BF8-4D58-A0B2-F776AD41AC89}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [TCP Query User{835D911C-6175-405A-9392-1B0AA370D036}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [UDP Query User{F0C73FCF-AB4B-485A-B591-9174AFB2650F}C:\program files (x86)\imesh applications\imesh\imesh.exe] => (Block) C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{201B4806-428B-45CD-9781-415C917409B1}] => (Allow) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [{D7FCDFF2-59A0-4E24-B9E6-C4E1ECF93AA4}] => (Allow) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
FirewallRules: [TCP Query User{B0CE33E9-F5BC-4DA5-9067-F81BF40EE902}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Block) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [UDP Query User{38552551-3303-469E-94C2-29F1C93DD913}C:\program files (x86)\1clickdownload\1clickdownloader.exe] => (Block) C:\program files (x86)\1clickdownload\1clickdownloader.exe
FirewallRules: [{2E259AA2-D316-4215-B310-31BF12537C86}] => (Allow) C:\Users\bob\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{95845F7D-05F9-40A7-BC95-DAA22ED36178}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{967CF3CF-36C6-493C-9DCF-DAF4F16B50C7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{A2967EB1-9479-4FC0-9F45-2B58B7E5867A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{8986A18D-14F7-4C29-8FC2-073CE5ECE1B3}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E35F8477-A0EE-4C59-9DAB-3D80B1E35979}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{E0A1BBFE-4329-48CC-BB5A-453EE426473D}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{4F39E33E-00AD-40DA-BEA7-95C5E07B7FD6}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{F473FC06-25C4-444C-89A3-7FAEBACD5083}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{A3161C39-2CE3-4BDA-899F-520B84D8DE94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B934F9-E978-4C6D-AC40-F518E7E039D2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A07593B9-E1AD-43D8-86A2-22C7FF5FB6B2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A21F2267-20C4-48A9-A64B-BDFD697A991B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6176DCE-8207-488C-B3B6-C1A8ABB70B5E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{CD8A440F-D124-4D9D-8083-D382A726960B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{05D9420A-4D2F-4E09-A302-7B87746F7272}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{2EA729F1-8129-4EB6-A1F1-F386B7FA53D9}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{39D421D2-40A0-461F-9240-B0E6125E89FD}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bob\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7244958C-3EB1-4D32-88D1-665365DCD0D9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F21B6F74-3082-43D5-8C5F-BBC859BFC5D4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{E2ACA1D7-4C4A-4EA9-85E0-896E3D1EF1CC}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\bob\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8CE5468E-7523-4FC0-9B6F-5F8F61FD1264}C:\users\bob\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\bob\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58328C6F-BDCA-40C3-AF69-9F9315FCEA0D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11BB5FF5-AA95-41F0-8C14-73AD792EFBE6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
 
==================== Restore Points =========================
 
08-02-2016 13:51:29 Scheduled Checkpoint
18-02-2016 23:18:02 Scheduled Checkpoint
01-03-2016 20:22:54 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 08:33:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avastui.exe version 10.2.2218.944 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 119c
 
Start Time: 01d17a671526fa47
 
Termination Time: 60000
 
Application Path: C:\Program Files\AVAST Software\Avast\avastui.exe
 
Report Id: e013f1b4-e65f-11e5-9dc4-047d7b876721
 
Error: (03/09/2016 08:04:57 PM) (Source: MsiInstaller) (EventID: 1024) (User: bob-HP)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (03/09/2016 07:26:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (03/05/2016 12:42:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/04/2016 10:32:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (03/04/2016 02:52:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/01/2016 08:19:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/01/2016 12:12:33 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (02/26/2016 02:36:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (02/19/2016 12:32:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
 
System errors:
=============
Error: (03/09/2016 07:16:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (03/09/2016 07:15:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Digidesign MME Refresh Service service failed to start due to the following error: 
%%2
 
Error: (03/04/2016 10:21:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (03/04/2016 10:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Digidesign MME Refresh Service service failed to start due to the following error: 
%%2
 
Error: (03/03/2016 11:04:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: 
%%1068
 
Error: (03/03/2016 11:04:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error: 
%%1053
 
Error: (03/03/2016 11:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (03/03/2016 11:03:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Service Agent service failed to start due to the following error: 
%%1053
 
Error: (03/03/2016 11:03:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Service Agent service to connect.
 
Error: (03/03/2016 11:02:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Digidesign MME Refresh Service service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2013-09-27 17:34:20.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-27 17:34:20.349
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-450 APU with Radeon™ HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3700.64 MB
Available physical RAM: 1105.06 MB
Total Virtual: 7399.48 MB
Available Virtual: 3202.58 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:914.49 GB) (Free:41.73 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.93 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9E98AB9A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Fixlog
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by bob (2016-03-17 11:27:05) Run:3
Running from C:\Users\bob\Desktop
Loaded Profiles: bob (Available Profiles: bob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Fantapper -> {8A86D350-37AB-410A-8531-7D1363F317B3} -> C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll => No File
Toolbar: HKU\S-1-5-21-1420523357-3488395053-7185236-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Extension: (Avast Online Security) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-15]
CHR HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\bob\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-07]
CHR HKLM-x32\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\Fantapper.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\bob\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx <not found>
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A86D350-37AB-410A-8531-7D1363F317B3}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{8A86D350-37AB-410A-8531-7D1363F317B3}" => key removed successfully
HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => not found.
C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKU\S-1-5-21-1420523357-3488395053-7185236-1000\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => key removed successfully
DigiRefresh => service removed successfully
vToolbarUpdater15.5.0 => service not found.
EmptyTemp: => 1.7 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-17 11:33:45)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 11:33:46 ====
 
Adwcleaner log
 
# AdwCleaner v5.102 - Logfile created 17/03/2016 at 11:39:03
# Updated 13/03/2016 by Xplode
# Database : 2016-03-16.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : bob - BOB-HP
# Running from : C:\Users\bob\Downloads\adwcleaner_5.102 (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\bob\AppData\Local\YSearchUtil
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
 
***** [ Files ] *****
 
File Found : C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eiimolhnbbbdagljikeckdkldgemmmlj
File Found : C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\banjjklfojcdbofbhbgiedekefohoaff
File Found : C:\Users\bob\AppData\LocalLow\SkwConfig.bin
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D15809AA-50CF-4EE0-BCC9-E91A681BEFD3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D15809AA-50CF-4EE0-BCC9-E91A681BEFD3}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\DefaultTab
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
Key Found : HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\APN PIP
Key Found : HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\Myfree Codec
Key Found : HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-1420523357-3488395053-7185236-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\AVG Secure Search
Key Found : HKU\S-1-5-18\Software\DefaultTab
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\DefaultTab
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BCF588C6-AD5A-46F1-902D-702F4B4810D0}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{862FC287-D52A-48C3-86EF-E57258B1D3CD}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A6C500BD-9CE5-451B-B5A9-4FD0E70EA7A0}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F0A07F13-7BF8-4D58-A0B2-F776AD41AC89}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{835D911C-6175-405A-9392-1B0AA370D036}C:\program files (x86)\imesh applications\imesh\imesh.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{F0C73FCF-AB4B-485A-B591-9174AFB2650F}C:\program files (x86)\imesh applications\imesh\imesh.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{201B4806-428B-45CD-9781-415C917409B1}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D7FCDFF2-59A0-4E24-B9E6-C4E1ECF93AA4}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E35F8477-A0EE-4C59-9DAB-3D80B1E35979}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E0A1BBFE-4329-48CC-BB5A-453EE426473D}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4F39E33E-00AD-40DA-BEA7-95C5E07B7FD6}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F473FC06-25C4-444C-89A3-7FAEBACD5083}]
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [446 bytes] - [14/03/2016 22:14:10]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [6788 bytes] - [14/03/2016 22:06:01]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [5549 bytes] - [17/03/2016 11:39:03]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [5642 bytes] ##########
 


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 17 March 2016 - 01:22 PM

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Disable Windows Defender, keep only Avast.
===

If not already done run the AdwCleaner tool and clean everything found.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CloseProcesses:

AlternateDataStreams: C:\ProgramData\Microsoft:5fOPloocdfpKI1yGD18P9xe [2122]
AlternateDataStreams: C:\ProgramData\Microsoft:EgTKEXzrxKYYb1EJZ6cyEGgpIGUE [2184]
AlternateDataStreams: C:\ProgramData\Microsoft:sP9lSZLmV6SVvSyzclK7QQS [2432]
AlternateDataStreams: C:\ProgramData\Temp:FB1B13D8 [118]
AlternateDataStreams: C:\Users\bob\Local Settings:78T9CPxZ9NULmA4IzxKcXPzff [2156]
AlternateDataStreams: C:\Users\bob\Local Settings:r4z3wra5bebcwTW9ZUdMsSQB [2254]
AlternateDataStreams: C:\Users\bob\Local Settings:s97Zui5Mp80DYrpaZPasL8mj [588]
AlternateDataStreams: C:\Users\bob\AppData\Local:78T9CPxZ9NULmA4IzxKcXPzff [2156]
AlternateDataStreams: C:\Users\bob\AppData\Local:r4z3wra5bebcwTW9ZUdMsSQB [2254]
AlternateDataStreams: C:\Users\bob\AppData\Local:s97Zui5Mp80DYrpaZPasL8mj [588]
AlternateDataStreams: C:\Users\bob\AppData\Local\Application Data:78T9CPxZ9NULmA4IzxKcXPzff [2156]
AlternateDataStreams: C:\Users\bob\AppData\Local\Application Data:r4z3wra5bebcwTW9ZUdMsSQB [2254]
AlternateDataStreams: C:\Users\bob\AppData\Local\Application Data:s97Zui5Mp80DYrpaZPasL8mj [588]
AlternateDataStreams: C:\Users\bob\AppData\Local\Temp:e26I0eCbO9sLnpydoHNbr [2400]
AlternateDataStreams: C:\Users\bob\AppData\Local\Temp:hvby1YVvI6qa7TY8zlQAFnilMc [1978]
AlternateDataStreams: C:\Users\bob\AppData\Local\Temporary Internet Files:5GFFdf7HKzTI3mqdVdIHgXL [1762]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Any remaining issues?

#13 spalladino25

spalladino25
  • Topic Starter

  • Members
  • 266 posts
  • OFFLINE
  •  
  • Local time:05:56 PM

Posted 17 March 2016 - 02:13 PM

It's running much better. CPU usage is down other then when I run programs that take up a lot of resources. It's not slow anymore either. Thanks for your help. I really appreciate it.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 18 March 2016 - 06:09 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:56 PM

Posted 24 March 2016 - 09:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users