Computer extremely slow please help!


  • This topic is locked
29 replies to this topic

#1 a-zA-Z0-9_-


Posted 06 April 2016 - 10:31 PM

I have an HP TouchSmart tm2 with an Intel Core i3 CPU at 1.33 GHz with 6 GB of RAM with Windows 7. Recently it has become extremely slow; some web pages won't load. Whenever I try to watch a movie on Netflix (if I can get it to open, that is) the movie just buffers forever. Video games are laggy, like they just freeze up and nothing moves except me. And now I can't update my SUPERAntiSpyware for some reason. I'm not sure if this is a virus or not. I have run CCleaner several times, ran 2 disk defrags and 2 disk cleanups, and scanned with Malwarebytes and AVG. Both come up with nothing. Sorry if I posted this in the wrong place, new to the forums. Thanks so much!





#2 satchfan

  • Malware Response Team

Posted 07 April 2016 - 03:44 AM

Hello a-zA-Z0-9_- and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

 

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan


Edited by satchfan, 07 April 2016 - 11:26 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 a-zA-Z0-9_-


Posted 07 April 2016 - 10:59 AM

I can't select "Clean" in AdwCleaner, only Scan and the Uninstall button.



#4 satchfan


Posted 07 April 2016 - 11:17 AM

Sorry if that was unclear. You have to choose Scan first as there is nothing to "clean" until a scan is run. When the scan is finished, leave everything checked (ticked) and then hit Clean.




#5 a-zA-Z0-9_-


Posted 07 April 2016 - 11:30 AM

Ah OK, but I ran it and it didn't have anything to clean.



#6 satchfan


Posted 07 April 2016 - 11:33 AM

Please continue with all the instructions and post all the logs so that I get a complete view of what is going on.




#7 a-zA-Z0-9_-


Posted 07 April 2016 - 11:46 AM

Here's the JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Tim (Administrator) on Thu 04/07/2016 at 12:42:23.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 40 
 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\053F0YXE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F015P27 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J39XG4M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BHL5P90 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K4Q8HUC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VOGAISQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RJ17SBT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BU20FTG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JIHU5AJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RQB1YHL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSXFOXEM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7RBPMM7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNWL4HC8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J50QC6YA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLVNAC6Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V944JYWT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\053F0YXE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F015P27 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1J39XG4M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BHL5P90 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K4Q8HUC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VOGAISQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6RJ17SBT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BU20FTG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JIHU5AJ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RQB1YHL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CSXFOXEM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7RBPMM7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNWL4HC8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J50QC6YA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLVNAC6Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V944JYWT (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/07/2016 at 12:44:50.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST.txt :
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Tim (administrator) on TIM-PC (07-04-2016 13:10:44)
Running from C:\Users\Tim\Downloads
Loaded Profiles: Tim (Available Profiles: Tim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2177166902-3769875228-771924737-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2177166902-3769875228-771924737-1000\...\MountPoints2: {cce58282-83fa-11e5-ad25-806e6f6e6963} - E:\SETUP.EXE
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{369BD825-619E-4B43-A9D8-FBB902035095}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6B7DCFBF-4838-4365-8C84-760417204900}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\aupe42gy.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Adblock Plus) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR Extension: (Abstract-Blue) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-11-22]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-09]
CHR Extension: (Topography) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\giigmfllkbnekpcfdckipcdkdpinhpgl [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (My Chrome Theme) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-11-09]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (To Do List) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhieleigbmmonbckblbeodlmlihacjco [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-10]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (AdBlock) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-09]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-09]
 
Opera: 
=======
OPR Extension: (Adblock Plus) - C:\Users\Tim\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-04-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4584208 2016-03-29] (AVG Technologies CZ, s.r.o.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-12] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-07 13:10 - 2016-04-07 13:11 - 00019924 _____ C:\Users\Tim\Downloads\FRST.txt
2016-04-07 13:10 - 2016-04-07 13:10 - 00000000 ____D C:\FRST
2016-04-07 13:08 - 2016-04-07 13:09 - 02374144 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2016-04-07 12:44 - 2016-04-07 12:44 - 00007081 _____ C:\Users\Tim\Desktop\JRT.txt
2016-04-07 12:40 - 2016-04-07 12:41 - 01610352 _____ (Malwarebytes) C:\Users\Tim\Downloads\JRT.exe
2016-04-07 11:53 - 2016-04-07 11:55 - 03119168 _____ C:\Users\Tim\Downloads\adwcleaner_5.109 (1).exe
2016-04-06 21:06 - 2016-04-06 21:06 - 00003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2016-04-06 20:57 - 2016-04-06 20:57 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-04-06 20:57 - 2016-04-06 20:57 - 00002208 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-04-06 20:57 - 2016-04-06 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
2016-04-06 20:57 - 2016-03-29 12:06 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-04-06 20:57 - 2016-03-29 11:53 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-04-06 20:57 - 2016-03-29 11:53 - 00039696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-04-06 20:02 - 2016-04-06 20:05 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tim\Downloads\AVG_PCTuneUp_877.exe
2016-04-06 19:49 - 2016-04-07 11:56 - 00000000 ____D C:\AdwCleaner
2016-04-06 19:45 - 2016-04-06 19:48 - 03119168 _____ C:\Users\Tim\Downloads\adwcleaner_5.109.exe
2016-04-05 03:51 - 2016-04-05 03:51 - 00002722 _____ C:\Users\Tim\Documents\startup.txt
2016-04-02 22:37 - 2016-04-02 22:37 - 00003828 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1459651068
2016-04-02 22:37 - 2016-04-02 22:37 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2016-04-02 22:37 - 2016-04-02 22:37 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-02 22:37 - 2016-04-02 22:37 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Opera Software
2016-04-02 22:37 - 2016-04-02 22:37 - 00000000 ____D C:\Users\Tim\AppData\Local\Opera Software
2016-04-02 21:48 - 2016-04-03 14:28 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-02 21:48 - 2016-04-02 21:48 - 00725424 _____ (Opera Software) C:\Users\Tim\Downloads\OperaSetup.exe
2016-04-01 06:33 - 2016-04-01 06:34 - 01651479 _____ C:\Users\Tim\Downloads\OptiFine_1.9.0_HD_U_B1.jar
2016-03-30 22:18 - 2016-03-30 22:18 - 00108118 _____ C:\Users\Tim\Downloads\Celldiv4.dcr
2016-03-26 21:10 - 2016-03-26 21:10 - 23430352 _____ (Ant Media, s. r. o. ) C:\Users\Tim\Downloads\gameload.exe
2016-03-26 16:11 - 2016-03-26 16:11 - 00000000 ____D C:\Users\Tim\AppData\Roaming\.mono
2016-03-24 09:14 - 2016-03-24 09:14 - 00043656 _____ C:\Users\Tim\Downloads\servantleadership march 2016.pdf
2016-03-20 22:59 - 2016-03-20 22:59 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Adobe
2016-03-20 22:59 - 2016-03-20 22:59 - 00000000 ____D C:\Users\Tim\AppData\Local\CEF
2016-03-20 04:10 - 2016-03-20 04:10 - 00000464 _____ C:\Users\Tim\Documents\cc_20160320_041000.reg
2016-03-17 19:24 - 2016-03-17 19:24 - 00000350 _____ C:\Users\Tim\Documents\TristamBeastMode.mp4.lvix
2016-03-16 14:57 - 2016-03-16 14:59 - 19080497 _____ C:\Users\Tim\Documents\TristamBeastMode.mp4
2016-03-16 07:37 - 2016-03-16 07:37 - 00043527 _____ C:\Users\Tim\Downloads\Ecclesiastes_English_ReadingPlan.pdf
2016-03-14 19:10 - 2016-03-14 19:10 - 00007680 _____ C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-14 16:05 - 2016-03-14 16:05 - 00000000 ____D C:\Users\Tim\.MCTranscodingSDK
2016-03-14 16:04 - 2016-04-03 14:40 - 00000000 ____D C:\Users\Public\Documents\Lightworks
2016-03-14 16:04 - 2016-03-14 16:05 - 00002076 _____ C:\Users\Public\Desktop\Lightworks x64 (12.6).lnk
2016-03-14 16:04 - 2016-03-14 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2016-03-14 16:04 - 2016-03-14 16:04 - 00000000 ____D C:\ProgramData\Geevs
2016-03-14 16:02 - 2016-03-14 16:05 - 00000000 ____D C:\Program Files\Lightworks
2016-03-14 16:02 - 2016-03-14 16:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 15:59 - 2016-03-14 16:01 - 73511992 _____ (Lightworks) C:\Users\Tim\Downloads\lightworks_v12.6.0_full_64bit_setup.exe
2016-03-14 15:28 - 2016-03-14 15:28 - 00000564 _____ C:\Users\Tim\Documents\starburn.txt
2016-03-14 15:28 - 2016-03-14 15:28 - 00000000 ____D C:\ProgramData\Wondershare
2016-03-14 15:26 - 2016-03-14 15:26 - 00000000 ____D C:\Users\Tim\AppData\Local\Wondershare
2016-03-14 15:25 - 2016-03-14 15:51 - 00000000 ____D C:\Users\Tim\Documents\Wondershare Filmora
2016-03-14 15:22 - 2016-03-14 15:25 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-03-14 15:21 - 2016-03-14 15:21 - 00966728 _____ C:\Users\Tim\Downloads\filmora_setup_full846.exe
2016-03-14 15:18 - 2016-03-14 15:18 - 00000020 _____ C:\Windows\€ùÊ
2016-03-14 14:59 - 2016-03-14 14:59 - 00007866 _____ C:\Users\Tim\Documents\My Movie.wlmp
2016-03-14 14:23 - 2016-03-14 14:23 - 00007842 _____ C:\Users\Tim\Documents\Tristam.wlmp
2016-03-13 20:00 - 2016-03-14 12:06 - 00022022 _____ C:\Users\Tim\Documents\IsaiahHemphill.wlmp
2016-03-13 17:06 - 2016-03-14 12:07 - 00011858 _____ C:\Users\Tim\Documents\Isaac.wlmp
2016-03-13 16:26 - 2016-03-14 10:24 - 00011007 _____ C:\Users\Tim\Documents\AChip.wlmp
2016-03-11 22:11 - 2016-03-11 22:11 - 00030557 _____ C:\Users\Tim\Downloads\Type Russian letters - online Russian keyboard.html
2016-03-11 22:11 - 2016-03-11 22:11 - 00000000 ____D C:\Users\Tim\Downloads\Type Russian letters - online Russian keyboard_files
2016-03-11 02:23 - 2016-03-11 02:23 - 00013480 _____ C:\Users\Tim\Downloads\Team_Contacts.xlsx
2016-03-10 14:22 - 2016-03-10 14:22 - 00028589 _____ C:\Users\Tim\Downloads\church roster B42 updated jan 16.xlsx
2016-03-10 12:32 - 2016-03-10 12:32 - 00021724 _____ C:\Users\Tim\Documents\fighting.wlmp
2016-03-08 21:34 - 2016-03-08 21:44 - 00004545 _____ C:\Users\Tim\Documents\Epic Clutch.wlmp
2016-03-08 14:35 - 2016-03-24 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-08 00:55 - 2016-03-08 12:35 - 00005548 _____ C:\Users\Tim\Documents\C-ops.wlmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-07 12:39 - 2015-11-09 18:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-07 12:25 - 2015-11-09 11:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-07 11:15 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-07 11:15 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-07 07:25 - 2015-11-09 11:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-07 06:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-07 06:33 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-07 06:32 - 2015-11-06 16:40 - 00000000 ____D C:\ProgramData\MFAData
2016-04-07 06:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-06 21:33 - 2015-12-15 06:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-06 21:06 - 2016-01-23 18:23 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-04-06 21:06 - 2015-11-09 12:01 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2016-04-06 21:06 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-06 20:57 - 2015-11-06 16:41 - 00000000 ____D C:\ProgramData\Avg
2016-04-06 20:57 - 2015-11-06 16:41 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-06 20:57 - 2015-11-06 16:40 - 00000000 ____D C:\Users\Tim\AppData\Local\AvgSetupLog
2016-04-06 20:57 - 2015-11-06 16:40 - 00000000 ____D C:\Users\Tim\AppData\Local\Avg
2016-04-06 14:30 - 2016-01-27 14:33 - 00001133 _____ C:\Users\Tim\Desktop\nativelog.txt
2016-04-06 13:39 - 2015-11-11 11:51 - 00000000 ____D C:\Users\Tim\AppData\Roaming\.minecraft
2016-04-05 11:35 - 2015-12-04 12:54 - 00000000 ____D C:\Users\Tim\Documents\Bandicam
2016-04-03 14:06 - 2015-11-09 20:29 - 00000000 ____D C:\Users\Tim\AppData\Local\Unity
2016-04-01 04:01 - 2015-12-15 06:21 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-01 04:01 - 2015-12-15 06:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-30 19:27 - 2015-11-09 11:09 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-23 21:39 - 2015-11-09 18:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-23 21:39 - 2015-11-06 16:35 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-23 21:39 - 2015-11-06 16:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-20 22:59 - 2015-11-06 16:25 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2016-03-20 22:59 - 2015-11-06 04:36 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Adobe
2016-03-20 08:58 - 2015-11-11 14:45 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2016-03-15 17:50 - 2009-07-14 00:45 - 00298752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-14 16:05 - 2015-11-05 13:31 - 00000000 ____D C:\Users\Tim
2016-03-14 16:03 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-14 15:28 - 2015-11-05 14:11 - 00065192 _____ C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-14 15:26 - 2009-07-14 00:57 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-14 15:21 - 2015-11-30 15:02 - 00000000 ____D C:\Users\Tim\AppData\Local\Windows Live
2016-03-11 22:31 - 2015-11-06 16:45 - 00000936 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-03-11 22:31 - 2015-11-06 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-10 16:56 - 2016-02-11 23:27 - 00000000 ___RD C:\Users\Tim\Documents\Scanned Documents
2016-03-10 14:09 - 2015-12-15 06:21 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2015-12-15 06:21 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2015-12-15 06:21 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-08 16:01 - 2015-11-06 16:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2016-03-14 19:10 - 2016-03-14 19:10 - 0007680 _____ () C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-29 01:03
 
==================== End of FRST.txt ============================
 
Addition.txt :
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Tim (2016-04-07 13:11:32)
Running from C:\Users\Tim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-11-05 17:31:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2177166902-3769875228-771924737-500 - Administrator - Disabled)
Guest (S-1-5-21-2177166902-3769875228-771924737-501 - Limited - Disabled)
Tim (S-1-5-21-2177166902-3769875228-771924737-1000 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.32.2.3320 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.32.5 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.4.2.905 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Opera Stable 36.0.2130.46 (HKLM-x32\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {3B891769-0759-49EE-9FA0-CC6343EEEEA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {8D1877C0-E7F4-4897-8FC8-F3D3FD9703EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)
Task: {9DCA9A32-4EE6-4CDB-AEBC-BB716B0AEC67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {BA3B554D-DDE7-456B-8175-3BEA6A3E79DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-09] (Google Inc.)
Task: {D345FD28-5678-402F-85FB-F9FF41029AE5} - System32\Tasks\Opera scheduled Autoupdate 1459651068 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
Task: {D90464B1-14CB-427E-8D5B-E411AB8A1F24} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {F1CCF55F-B1C8-4DF0-B7AF-876EF5F3F352} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-30 19:27 - 2016-03-27 03:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 19:27 - 2016-03-27 03:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2177166902-3769875228-771924737-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1BDFE1F5-528A-424E-94FA-0C59FE32478B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{36ABD935-1C20-40D7-A94C-BCC0C4F68D5D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{44CB111C-6EB0-4694-B599-306099E51F70}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{CB763861-5653-477A-898F-D191E250EA4C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{CAE34554-E3F8-4D69-B5EF-1D7B3F787BB0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{F3574730-9807-49D1-8727-F8566917A7B2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{831F1853-1909-47A4-ABE2-2B43E94CF15C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{286722E5-CCAC-40FA-B871-2919767245C4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{FF51C1EB-AB89-44B0-8DE2-E62DAD563A30}C:\users\tim\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tim\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E67960C3-01D4-4F00-AAE9-281D450EBF91}C:\users\tim\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tim\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2F424F7F-BE28-4C23-96AE-5C769AF46728}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FA55A056-8081-4EE4-8B8F-3DACC6E12950}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{B6668D38-3559-4A50-9162-D273C79740D4}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{FA430B3C-5671-4F1A-BC03-3EF0B9D61EBA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1B13F6C8-A004-41DA-A847-3B8F41E90D72}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A0A58988-CB3E-4FA3-85A0-6CD8DFADC95F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3CF55159-1D29-4E98-9CB3-5C36D80DD30D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0751F461-6089-4F48-8FB7-5C063A3AB9D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8B6F272F-805F-448C-8E61-74F42A5EA14D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{30F55E53-B143-43AE-BF05-CB44A464CE27}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{03FC6735-6154-4D83-A15D-314FF51FD49D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DA53DC1D-1544-4727-9179-CEC1831795F7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{47F61CAC-EB36-48F2-82B2-912FD1B486E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{62FC8892-BED2-4F41-A670-73EA3589053B}C:\program files\lightworks\ntcardvt.exe] => (Allow) C:\program files\lightworks\ntcardvt.exe
FirewallRules: [UDP Query User{3D1C7FA3-83DD-4C75-9DF2-365A8621B817}C:\program files\lightworks\ntcardvt.exe] => (Allow) C:\program files\lightworks\ntcardvt.exe
FirewallRules: [{0E1963D5-7F4E-4E73-B460-F4997A6E568C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-04-2016 09:27:20 Scheduled Checkpoint
07-04-2016 12:42:23 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/07/2016 12:42:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/07/2016 09:27:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/07/2016 06:30:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2016 10:41:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2016 09:23:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x560a0083
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0x17b8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
 
Error: (04/06/2016 07:56:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2016 04:17:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2016 10:51:52 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/06/2016 10:51:52 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/06/2016 10:51:52 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (04/07/2016 06:28:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/06/2016 10:40:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/06/2016 09:50:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/06/2016 09:50:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/06/2016 09:50:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/06/2016 09:50:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/06/2016 09:50:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/06/2016 07:54:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (04/06/2016 07:53:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (04/06/2016 07:53:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU U 380 @ 1.33GHz
Percentage of memory in use: 32%
Total physical RAM: 5941.86 MB
Available physical RAM: 4024.7 MB
Total Virtual: 14851.07 MB
Available Virtual: 12829.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:401.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B39BB0D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by a-zA-Z0-9_-, 07 April 2016 - 12:15 PM.


#8 satchfan


Posted 07 April 2016 - 12:39 PM

Thanks for the logs. In future, please don't use "Edit" to include new logs - post another reply. Thanks.

 

I'll be busy for a few hours but will check your FRST log as soon as I can.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 a-zA-Z0-9_-


Posted 07 April 2016 - 12:48 PM

Thank you - I will be away from my computer for 7 hours myself but will check in when I get home. I appreciate your help.



#10 satchfan


Posted 07 April 2016 - 04:51 PM

I can't see any infections in your logs.

 

AVG is known to be a bit of a strain on the system. Try disabling AVG and see if there is any improvement.




#11 a-zA-Z0-9_-


Posted 07 April 2016 - 06:38 PM

Everything is still very slow.



#12 satchfan


Posted 08 April 2016 - 02:54 AM

Is this in Chrome or in all browsers?




#13 a-zA-Z0-9_-


Posted 08 April 2016 - 07:05 AM

Chrome and Opera are really slow, but for some reason Internet Explorer is faster, but still slow. And it's not just browsers that have slowed down. Games have as well. And like I said earlier, I can't update SUPERAntiSpyware anymore. Now that I think about it, I noticed everything getting slower when I downloaded this thing called GameLoad to Chrome and it started acting weird, so I uninstalled it. Don't know if it's what caused it, but it might have. But like I said, not just browsers are affected by it. And whenever I go into Task Manager, my CPU usage will sometimes fluctuate like crazy, like from 50% usage to 99 to 80 to 40.


Edited by a-zA-Z0-9_-, 08 April 2016 - 07:22 AM.


#14 satchfan


Posted 08 April 2016 - 09:09 AM

You have a mountain of extensions under various profiles in Chrome, some of which are bound to slow things down, but that wouldn't slow Firefox as well.

Let’s run a different tool.

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7, 8 or 10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    emptyclsid;
    
  • make sure that the Scan All Users option is checked
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad; the log can also be found on the system drive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Please post the zoek-results.log.

Thanks

Satchfan


 

 




#15 a-zA-Z0-9_-


Posted 08 April 2016 - 02:08 PM

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Tim on Fri 04/08/2016 at 14:07:05.31.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tim\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
4/8/2016 2:13:22 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\Tim\AppData\Local\Skype deleted successfully
C:\Users\Tim\AppData\Local\Unity deleted successfully
C:\Users\Tim\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\aupe42gy.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20160408_0233_.backup
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Tim\AppData\Local\Wondershare deleted
C:\Users\Tim\AppData\LocalLow\Unity deleted
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\aupe42gy.default\Yahoo Inc deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\aupe42gy.default
user_pref("browser.search.defaultenginename.US", "Google");
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Abstract-Blue - Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa
AdBlock - Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AdBlock - Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom
To Do List - Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhieleigbmmonbckblbeodlmlihacjco
AdBlock - Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AdBlock - Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Tim\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Profile 6\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=240 folders=115 471542219 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tim\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Tim\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 04/08/2016 at 15:05:42.76 ======================




