PC very slow to start up, and slow to open most software


  • This topic is locked
13 replies to this topic

#1 Fluffy

Posted 11 September 2016 - 03:50 AM

Hello Bleeping staff,

I suspect I have another virus. My laptop is extremely slow to start up these days, and also quite slow in opening most software or even the internet. I can't even put my PC into hibernate, because I'm scared it won't 'wake up' afterward. It takes at least a few minutes for the black screen to turn to the welcome screen, and a few days ago I had to reboot because it never did turn on properly. I have defrag set to run weekly, so that's not an issue. I've only used half the memory my computer has, so I doubt that's it, either.

I don't see anything too unusual in processes (task manager). That leaves me with a virus or malware, or maybe a hardware issue, right? I'm using a Gateway NV57H13u, 4 GB memory, Intel Core i3-2310M, running Windows 7.

I have Avast, which never seems to find much when I run a scan, although I do find it useful for blocking suspicious websites from popping up. I ran Malwarebytes, which found a few minor threats but didn't fix the problem. I still have most of the other software I can download from y'all, but I'm not sure where to start first.

Any advice?

Kind regards,

Heather


I know the voices in my head

aren't real...

But sometimes their ideas are absolutely AWESOME!



#2 Oh My!

  • Malware Response Instructor

Posted 15 September 2016 - 08:48 AM

Greetings Heather and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Fluffy

Posted 15 September 2016 - 08:08 PM

Dear Gary,

 

Thank you for your help. :)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Heather (15-09-2016 19:54:25)
Running from C:\Users\Heather\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-04 08:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-744858339-710463176-958911846-500 - Administrator - Disabled)
Guest (S-1-5-21-744858339-710463176-958911846-501 - Limited - Disabled)
Heather (S-1-5-21-744858339-710463176-958911846-1001 - Administrator - Enabled) => C:\Users\Heather
HomeGroupUser$ (S-1-5-21-744858339-710463176-958911846-1040 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Agency 33 (HKLM-x32\...\BFG-Agency 33) (Version:  - )
aioprnt (Version: 5.7.4.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.0.2.0 - Your Company Name) Hidden
Alganon (HKLM-x32\...\Alganon2.7.0.2510) (Version: 2.7.0.2510 - Quest Online)
Amazon Add to Wish List IE Extension 1.2 (HKLM-x32\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ArtMoney SE v7.38 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.38 - System SoftLab)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
Awakening Kingdoms (HKLM-x32\...\BFG-Awakening Kingdoms) (Version:  - )
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Best Buy pc app (HKLM\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.2.0.0 - Best Buy)
Best Buy pc app (HKLM-x32\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.2.0.0 - Best Buy)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
calibre (HKLM-x32\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.0.0 - Canon Inc.)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Click-N-Ship® for Business (HKLM-x32\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.0.54.0 - United States Postal Service)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Curse Client (HKU\S-1-5-21-744858339-710463176-958911846-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dragon Nest (HKLM-x32\...\Steam App 11610) (Version:  - Eyedentity Games Inc.)
Drawn™: Trail of Shadows Collector's Edition (HKLM-x32\...\BFG-Drawn - Trail of Shadows Collector's Edition) (Version:  - )
Easy Card Creator (HKLM-x32\...\{E2A932B8-A1D0-4386-B77E-5E3C6D0398A5}) (Version: 5.20.46.10 - Easy Trinity)
eMusic Download Manager 6 (HKLM-x32\...\eMusic Download Manager 6) (Version: 6.0.3 - emusic.com)
EQ5 (HKLM-x32\...\InstallShield_{4CA6A2DF-A805-4E40-95A9-CC8FE86DC742}) (Version: 1.00.0000 - Electric Quilt Company)
EQ5 (x32 Version: 1.00.0000 - Electric Quilt Company) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Farm Frenzy Inc. (HKLM-x32\...\BFG-Farm Frenzy Inc.) (Version:  - )
Farm Up (HKLM-x32\...\BFG-Farm Up) (Version:  - )
FastStone Image Viewer 3.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 3.7 - FastStone Soft)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
FLV2PC v5.9.0 (HKLM-x32\...\FLV2PC_is1) (Version: 5.9.0 - )
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version:  - )
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free the Witch (HKLM-x32\...\BFG-Free the Witch) (Version:  - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3004 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.1022.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GrandParker Casino (HKLM-x32\...\GrandParker) (Version:  - Topgame)
Gummy Drop! (HKLM-x32\...\BFG-Gummy Drop!) (Version:  - )
HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8520 - CyberLink Corporation)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
ID Photo Maker 3.0 Build 213 (HKLM-x32\...\ID Photo Maker_is1) (Version:  - idphotomaker.com)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
JNLP (HKU\S-1-5-21-744858339-710463176-958911846-1001\...\JNLP) (Version:  - JNLP)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Kodak AIO Printer (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 6.2.6.20 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Gateway)
LG Verizon United Drivers (HKLM-x32\...\{C6A4A9B1-D8AC-46E4-B143-72FE9B8173A3}) (Version: 2.5.0 - LG Electronics)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Player Utilities 4.41 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.41 -  )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Singing Monsters (HKLM-x32\...\BFG-My Singing Monsters) (Version:  - )
My Tribe 1.00 (HKLM-x32\...\My Tribe 1.00) (Version:  - )
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.3.0 - Nexon)
Nightmare Realm: In the End...  Collector's Edition (HKLM-x32\...\BFG-Nightmare Realm - In the End Collector's Edition) (Version:  - )
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Photo Crop Editor 1.14 (HKLM-x32\...\{53D11164-C10F-4B66-9FB1-260C141C5F25}) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PreReq (x32 Version: 6.2.2.60 - Eastman Kodak Company) Hidden
Prius Online (HKLM-x32\...\Prius Online) (Version: 1.05 - Prius Anima)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuiltAssistant (HKLM-x32\...\QuiltAssist) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Relic Rescue (HKLM-x32\...\BFG-Relic Rescue) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
RIFT (HKU\S-1-5-21-744858339-710463176-958911846-1001\...\RIFT) (Version:  - Trion Worlds, Inc.)
RIFT PTS (HKLM-x32\...\Glyph RIFT PTS) (Version:  - Trion Worlds, Inc.)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.61 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sunken Secrets (HKLM-x32\...\BFG-Sunken Secrets) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tasty Planet: Back for Seconds (HKLM-x32\...\BFG-Tasty Planet - Back for Seconds) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
True Fear: Forsaken Souls Collector's Edition (HKLM-x32\...\BFG-True Fear - Forsaken Souls Collector's Edition) (Version:  - )
Unity Web Player (All users) (HKLM-x32\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Virtual Families 2: Our Dream House (HKLM-x32\...\BFG-Virtual Families 2 - Our Dream House) (Version:  - )
Virtual Villagers: New Believers (HKLM-x32\...\BFG-Virtual Villagers - New Believers) (Version:  - )
Virtual Villagers: The Lost Children (HKLM-x32\...\BFG-Virtual Villagers The Lost Children) (Version:  - )
Virtual Villagers: The Secret City (HKLM-x32\...\BFG-Virtual Villagers - The Secret City) (Version:  - )
Virtual Villagers: The Tree of Life (HKLM-x32\...\BFG-Virtual Villagers - The Tree of Life) (Version:  - )
Wanderland (HKLM-x32\...\BFG-Wanderland) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-744858339-710463176-958911846-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BC0E863-01EB-4998-A48C-A112AE2A4F88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2FFA7F58-B42C-4607-B49F-9B822B63EEF1} - System32\Tasks\avastBCLRestartS-1-5-21-744858339-710463176-958911846-1001 => Firefox.exe
Task: {68E51042-C583-4B2A-B3DC-06B8CD491108} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {6AEE06AD-327E-4DC9-99F4-9FB2380AB5C8} - System32\Tasks\{C0F9827B-13C6-4232-8ACB-227670DF25B5} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.59.102/en/abandoninstall?page=tsProgressBar
Task: {6D5C5374-B77B-4A30-9EFC-5647C93E8A57} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9A6B6CAF-F53C-45DE-9BB3-BFD804AB606C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9B3C5891-9AB0-4DA1-ADD7-694015BB38B5} - System32\Tasks\{10DA1114-3CD4-465D-96EE-F1F37ADB0BDC} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.59.102/en/abandoninstall?page=tsProgressBar
Task: {A781626D-5FD3-41C7-9025-31FC058FA071} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-05] (AVAST Software)
Task: {CC108691-9A3F-449B-B3C6-37ACC65BAA0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {CD57400C-9155-493C-9826-6D92469824A5} - System32\Tasks\{2889F589-B89F-4D4E-97B4-61E86485D815} => C:\Users\Heather\Desktop\rune_free.exe
Task: {D365FE4B-2637-4CCA-9BD8-D271F3F13401} - System32\Tasks\SafeZone scheduled Autoupdate 1473058600 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {DC338555-C748-44E4-9917-6FF5235C3112} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {DDB8FF5A-BC2C-43E0-B1E9-3A40363045B4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-744858339-710463176-958911846-1001

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Heather\Desktop\games\Lаunсh АLGАNОN.lnk -> C:\Program Files (x86)\Alganon\Launcher.bat ()

ShortcutWithArgument: C:\Users\Heather\Desktop\Universe\Games\Virtual Families.lnk -> C:\Remote Programs\Virtual Families\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=636250&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Heather\Desktop\games\Play Magic Farm 2 The Fairy Lands.lnk -> C:\Remote Programs\Magic Farm 2 The Fairy Lands\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=750750&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default
ShortcutWithArgument: C:\Users\Heather\Desktop\games\Play Virtual Families.lnk -> C:\Remote Programs\Virtual Families\GPlrLanc.exe (Exent Technologies Ltd.) -> -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&AppId=636250&RunIndex=1&PrvId=143&AcID=&OpenShInIE=0&PrvDir=Default

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-21 03:54 - 2011-03-25 19:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-01 18:15 - 2015-02-10 16:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2013-06-14 22:16 - 2010-03-30 10:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2016-09-05 02:05 - 2016-09-05 02:05 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-05 02:05 - 2016-09-05 02:05 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-13 14:21 - 2016-09-13 14:21 - 03085112 _____ () C:\Program Files\AVAST Software\Avast\defs\16091303\algo.dll
2016-09-15 06:26 - 2016-09-15 06:26 - 03085624 _____ () C:\Program Files\AVAST Software\Avast\defs\16091500\algo.dll
2011-02-15 13:37 - 2011-02-15 13:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-02-15 13:36 - 2011-02-15 13:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-02-15 13:37 - 2011-02-15 13:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2014-08-28 17:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-28 17:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-28 17:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-16 19:16 - 2014-10-16 19:16 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-04-21 03:08 - 2010-09-13 20:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-12-01 18:15 - 2015-02-18 15:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2013-12-17 11:31 - 2013-12-17 11:31 - 00491520 _____ () C:\Program Files (x86)\Canon\EOS Utility\EDSDK.dll
2016-07-11 11:58 - 2016-07-11 11:59 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7865 more sites.



==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-29 09:21 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-744858339-710463176-958911846-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50AED1E7-DC7A-43E2-8831-DC528E83AEF2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ECA3E329-AF93-4B5C-A6B2-2630BE03C1EF}] => (Allow) LPort=2869
FirewallRules: [{81E8BABE-19A1-49B1-A075-00491B76560D}] => (Allow) LPort=1900
FirewallRules: [{558F8EC2-FB00-4C12-BF4C-FDC71F5E1714}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9227A24F-0675-4EB7-B662-FF7EE254E1C2}] => (Allow) C:\Program Files (x86)\CyberLink\HomeMedia\HomeMedia.exe
FirewallRules: [{F1F588D0-C31F-456F-973E-01AD8FEBBFA0}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{526FAD71-B748-4E52-BD03-00AE9BE027B8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{36518732-06F4-4544-9B3F-479CB9A6EAFC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D139CD52-FADB-4DA6-9B21-00DA1942D177}] => (Allow) LPort=9322
FirewallRules: [{81024342-55A3-49F8-AF03-D54562008516}] => (Allow) LPort=5353
FirewallRules: [{715F347C-3905-4136-8ED7-D43BED7EAB58}] => (Allow) LPort=9322
FirewallRules: [{36A8062E-C0E6-4965-A6AF-BC9647C8EE43}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{94AEE793-3AB9-40C0-A530-9EF81D092949}C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{2E3A0263-FF62-4CBB-8F30-20A2F28CB5A8}C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{124AB23D-19AD-4EEA-9763-FC6F76422679}C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{7DD83D9E-D966-425E-B39D-D4C1B2988EA4}C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\heather\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{67CD6D9C-8E16-49AD-ABC3-CEB550A8954A}] => (Allow) C:\Program Files (x86)\Avid\Studio\programs\RM.exe
FirewallRules: [{1D7F8BAB-B904-4D51-A82F-53E114F82090}] => (Allow) C:\Program Files (x86)\Avid\Studio\programs\RM.exe
FirewallRules: [{1473A533-7053-48AF-A8E3-76D82F2002B6}] => (Allow) C:\Program Files (x86)\Avid\Studio\programs\NGStudio.exe
FirewallRules: [{BED57306-FA17-47D4-9B93-A51B35411FA5}] => (Allow) C:\Program Files (x86)\Avid\Studio\programs\NGStudio.exe
FirewallRules: [{22E2DEDB-A9D8-4278-A91F-566C9F5178D1}] => (Allow) C:\Program Files (x86)\Avid\Studio\programs\UMI.exe
FirewallRules: [{51F75129-9AD3-4550-A49C-6287F7920669}] => (Allow) C:\Program Files (x86)\Avid\Studio\programs\UMI.exe
FirewallRules: [{D1F930EC-ABD0-46FC-8B3A-18052F2B4867}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DCCFC3D7-5627-497E-AC13-F57EF9A84140}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7A285CEE-776D-456E-97F4-1F57A760540A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FF1F8270-0A33-4C8B-B413-895E84EDF849}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5D22F2EF-8FE1-4E98-992F-60921A5F868A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{DD3D8AC4-0FE7-4555-9609-99FF1D80C285}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{F0130EC5-6BC5-4462-86CB-87470A02F321}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D4219B83-769D-4AD9-8C1B-0A4120F948C6}] => (Allow) C:\Nexon\DragonNest\DragonNest.exe
FirewallRules: [{98AAC947-007E-4A6B-BDE1-C8A4063993F1}] => (Allow) C:\Nexon\DragonNest\DragonNest.exe
FirewallRules: [TCP Query User{BE5EC6DF-2C21-4939-9699-158B13350048}C:\users\heather\desktop\rune_free.exe] => (Allow) C:\users\heather\desktop\rune_free.exe
FirewallRules: [UDP Query User{9A5362A6-BC78-4E56-99C7-127F66F5F3DA}C:\users\heather\desktop\rune_free.exe] => (Allow) C:\users\heather\desktop\rune_free.exe
FirewallRules: [TCP Query User{ADC39648-758B-4C34-B08F-E536934A012E}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{BE9B4013-7345-4E0F-A14A-7514A93A3CA2}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{44858DCA-B75E-4223-B8C6-87D21C13C2C8}C:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe] => (Allow) C:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe
FirewallRules: [UDP Query User{449920E0-9045-4904-AEDA-A202956EF5CF}C:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe] => (Allow) C:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe
FirewallRules: [{15D0C88B-0548-4710-9203-14C938CE29B1}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{18278997-2273-4795-9B32-E8AB4D34DD34}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{EA853233-0571-4C12-805B-33DE6B0C2661}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D0658536-DE13-435A-BDFA-9CF5F0FA1A73}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8047F937-C305-4711-B791-7A7A620B83FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{BB585B7D-7492-4B27-9F3E-B399C1AE69C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{DE9D8D5C-2F53-48A1-8507-A7F6C0500DF6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{CDF25455-9BF0-41EB-B5FD-5A56B24BA4BA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{B29B9A50-458C-4B03-9781-668E8228CC55}] => (Allow) C:\Program Files (x86)\Alganon\Launcher.exe
FirewallRules: [{B5AC9761-FC66-401A-A89A-63E9A8052ACF}] => (Allow) C:\Program Files (x86)\Alganon\Launcher.exe
FirewallRules: [{4285E204-74FB-4B90-9338-C07EDE9C23E1}] => (Allow) C:\Program Files (x86)\Alganon\Repair.exe
FirewallRules: [{F8D86038-DDDE-4A3E-AC56-D824674EE0DF}] => (Allow) C:\Program Files (x86)\Alganon\Repair.exe
FirewallRules: [{8AA9FA9B-887D-467D-8915-904C7F3497E0}] => (Allow) C:\Program Files (x86)\Alganon\Alganon.exe
FirewallRules: [{E022A77A-05FA-4FCE-A5F2-C0075583584F}] => (Allow) C:\Program Files (x86)\Alganon\Alganon.exe
FirewallRules: [{09FDBB8B-F924-44E9-9B52-3DFB9E67A1DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{5948EB7B-58AF-4A32-B06C-48B7D3CAA812}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{06EF3220-6319-4B0C-939E-35D6C95D1B13}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{21B79AFF-A214-4878-B6AD-E98ABC15B55E}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{AD1B3E16-A8B8-4200-B76A-4A30D8831944}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{D0133FD2-A2C4-4E92-8611-20CCA6DD0E26}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe] => (Allow) C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe
FirewallRules: [UDP Query User{C1D683EF-27F2-4AEA-A627-CC4478245A7E}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe] => (Allow) C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe
FirewallRules: [TCP Query User{46BC2DC5-4B2A-4240-B786-5527C5933A8F}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [UDP Query User{A2E3368E-F773-402B-A3B2-B8FF03E4A385}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe
FirewallRules: [{9699C8EC-F80D-4A6A-9179-459324455671}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{A49D05B9-D181-4438-9352-C2D870E42134}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [TCP Query User{CD7B0327-B0DA-4514-A669-8CA2C2FAAB52}C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe
FirewallRules: [UDP Query User{797F4A7D-A7EB-4B57-99E0-FED5E75D6F8B}C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\jp2launcher.exe
FirewallRules: [TCP Query User{EA055BD4-A867-49D2-946D-0438600BD02D}C:\users\heather\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\heather\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{804155ED-AFCF-4F31-B790-D2349C2E4492}C:\users\heather\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\heather\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [{1B9DAF39-1EB2-4A88-A5FE-52A90660F8C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E07800F2-5469-4785-98DE-7E3F4F0C06CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7D9AFDA-982A-4AA3-B543-6E80E6939B5A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6D76AD9-B5BD-4C3E-92BA-15E222069C8B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{26FDD9EB-9FF2-4EE8-BB03-E25842F0E38E}C:\users\heather\appdata\local\temp\9ff7.tmp] => (Block) C:\users\heather\appdata\local\temp\9ff7.tmp
FirewallRules: [UDP Query User{2C1974A6-F1F1-4444-9A61-C17798722B2F}C:\users\heather\appdata\local\temp\9ff7.tmp] => (Block) C:\users\heather\appdata\local\temp\9ff7.tmp
FirewallRules: [TCP Query User{CDDF586C-95A5-4F9B-8D01-A4EFC2295F5D}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{F535FCCE-6BE4-4B83-B93E-DC5FA6D296C8}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{3C54B540-F35F-4586-99C7-3C04F4F558CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3664827-6329-4A96-8F2C-7A8BE5ACA49D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF05068F-4775-445E-B4E4-94120974CFFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C0F84425-4407-40E5-93DF-F3973F8FB774}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5F85D6FE-4225-4412-AB19-B12760E3B617}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{644B9935-9CB2-4E4C-999E-524AB609C4ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{0D4F367E-74BD-45EE-AB54-A8063BFECB98}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F0A6C648-234C-490B-B495-009681040E84}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8CB6C48D-4870-4A37-B340-8FDE24BAE3ED}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{1182CEEE-9E77-4787-88CD-AD94D72FCDD3}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{D7B076E6-BC68-4F68-9346-498F80599D69}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BB6659BA-0FEC-46A1-AE2F-54AF8AEE7F1F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7C868C15-329D-48DB-BB9A-71BBB737C9DE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{000F4F58-5C71-4F4B-8954-146078436AEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09540094-FB49-4601-9EB5-23155ED15C54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{63F5BAD5-E61B-48ED-B136-A091B3E68B04}] => (Allow) C:\Users\Heather\Desktop\instspeedfan451-65647409.exe
FirewallRules: [{DBE8D4E6-C455-4FF2-9174-361761C5031C}] => (Allow) C:\Users\Heather\Desktop\instspeedfan451-65647409.exe
FirewallRules: [{19942AA1-F785-4C13-B14B-23E7F43EE095}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{8BB52F35-0DB6-44CA-8FAF-D06F392541A1}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{12DEECF0-2D6B-4579-8100-CDB1C31FB8E0}] => (Allow) C:\Users\Heather\Desktop\New folder\Local Disk\Nexon\DragonNest\DragonNest.exe
FirewallRules: [{9C588BF3-0E1D-4B61-909D-2BFB767954F7}] => (Allow) C:\Users\Heather\Desktop\New folder\Local Disk\Nexon\DragonNest\DragonNest.exe
FirewallRules: [{36359CEE-E722-4209-9D27-0EF2838B7FE8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8DC063D9-076B-496A-B638-5CFF69788A39}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{399C40DC-E89B-4F34-8B03-342B09510505}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B2976BEE-F6C1-414E-95C3-C048DFC6053C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4B6915FE-C45C-4617-A7D2-5D17040A27D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\nxsteam.exe
FirewallRules: [{05D424B1-C389-42C0-B917-A8F0FF9A8F02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\nxsteam.exe
FirewallRules: [{57A30F50-D4DB-497E-B974-E651F6FCB30D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{71F23028-7B36-4A47-8057-50C0C2557800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{828928F1-0F77-4F7D-95DA-63BBA5F1548C}] => (Allow) C:\Program Files (x86)\Sunken Secrets\SunkenSecrets.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

14-07-2016 15:54:55 Windows Update
18-07-2016 07:23:49 Windows Update
03-08-2016 19:17:16 Windows Update
13-08-2016 08:58:05 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
13-08-2016 08:59:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
21-08-2016 09:56:08 Windows Backup
19-09-2016 20:11:31 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: X5XSEx
Description: X5XSEx
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2016 11:46:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCELC.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1408

Start Time: 01d20d62661ac68e

Termination Time: 0

Application Path: Q:\140066.enu\Office14\EXCELC.EXE

Report Id: fc6d957c-796c-11e6-a5d0-b870f4913db7

Error: (09/12/2016 04:00:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000005
Fault offset: 0x00022312
Faulting process id: 0x1160
Faulting application start time: 0x01d20d38ae80af48
Faulting application path: C:\Program Files (x86)\bfgclient\bfgclient.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: f3b9ecad-792b-11e6-a5d0-b870f4913db7

Error: (09/10/2016 02:19:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SunkenSecrets.exe, version: 1.0.0.1, time stamp: 0x57894172
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0x40000015
Fault offset: 0x000a7676
Faulting process id: 0x3d4
Faulting application start time: 0x01d2081c5e882bd3
Faulting application path: C:\Program Files (x86)\Sunken Secrets\SunkenSecrets.exe
Faulting module path: C:\Program Files (x86)\Sunken Secrets\MSVCR120.dll
Report Id: 6e978e6e-778b-11e6-a5d0-b870f4913db7

Error: (09/09/2016 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13808959

Error: (09/09/2016 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13808959

Error: (09/09/2016 06:13:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/09/2016 06:13:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13807914

Error: (09/09/2016 06:13:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13807914

Error: (09/09/2016 06:13:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/09/2016 06:13:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13806915


System errors:
=============
Error: (09/09/2016 06:13:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

Error: (09/08/2016 08:23:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (09/06/2016 01:28:47 AM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (09/06/2016 01:23:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/06/2016 01:23:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (09/06/2016 01:22:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/06/2016 01:22:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (09/06/2016 01:21:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
0612aa6a1f351eb1ace46c126d0a82f6

Error: (09/06/2016 01:21:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx_Pr143 service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/06/2016 01:21:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X5XSEx service failed to start due to the following error:
The system cannot find the path specified.


CodeIntegrity:
===================================
  Date: 2016-09-05 01:55:38.274
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-05 01:55:38.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-29 17:19:27.534
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-29 17:19:27.253
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 60%
Total physical RAM: 3947.86 MB
Available physical RAM: 1563.11 MB
Total Virtual: 7893.93 MB
Available Virtual: 4328 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:581.07 GB) (Free:300.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1B601EB5)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
Ran by Heather (administrator) on HEATHER-PC (15-09-2016 19:52:46)
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CANON INC.) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-03-03] (Eastman Kodak Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [290112 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [BYRUA_AGENT] => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107104 2016-09-05] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
HKU\S-1-5-21-744858339-710463176-958911846-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-744858339-710463176-958911846-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-05] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-12-01]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2015-12-01]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon INC.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{A1BBF42B-196D-45D1-84DB-8532DF33E938}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-744858339-710463176-958911846-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-05] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-05] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-744858339-710463176-958911846-1001 -> is enabled.
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\39m1t247.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxps://www.google.com/search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: hxxps://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-30] (Pando Networks)
FF Plugin-x32: @unity3d.com/UnityPlayer,version=1.0 -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-744858339-710463176-958911846-1001: @emusic.com/eMusicPlugin DLM6 -> C:\Program Files (x86)\eMusic Download Manager 6\npEMusic603.dll [2013-01-16] (eMusic.com)
FF Plugin HKU\S-1-5-21-744858339-710463176-958911846-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-30] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-01-01] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-05]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-28]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-28]
CHR Extension: (avast! WebRep) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-07-28]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 132ec3ea19087105d94c5760b859ed05; C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe [497664 2016-09-05] () [File not signed] <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-05] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-05] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-05] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2015-11-24] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetdiag2; C:\Windows\System32\DRIVERS\lgvzandnetdiag264.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)
S1 0612aa6a1f351eb1ace46c126d0a82f6; system32\DRIVERS\0612aa6a1f351eb1ace46c126d0a82f6.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 19:52 - 2016-09-15 19:53 - 00022205 _____ C:\Users\Heather\Desktop\FRST.txt
2016-09-15 19:52 - 2016-09-15 19:52 - 00000000 ____D C:\Users\Heather\Desktop\FRST-OlderVersion
2016-09-15 18:35 - 2016-09-15 18:35 - 00000000 ____D C:\ProgramData\Meridian93
2016-09-15 16:19 - 2016-09-15 19:52 - 02399232 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2016-09-13 20:18 - 2016-09-13 20:18 - 00000000 ____D C:\Users\Heather\AppData\Local\{59BA6338-80AD-4765-A5F7-0C1AB43C910B}
2016-09-11 21:03 - 2016-09-11 21:03 - 00000000 ____D C:\Users\Heather\AppData\Local\{71A6DFEE-8804-447F-8C3B-6060368BDA6E}
2016-09-05 02:06 - 2016-09-05 02:05 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-05 02:05 - 2016-09-05 02:05 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-05 01:56 - 2016-09-05 07:20 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473058600
2016-09-05 01:56 - 2016-09-05 01:56 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 00:20 - 2016-09-02 00:20 - 00000000 ____D C:\Users\Heather\AppData\Local\{1E2B3D6A-F8A8-44F1-AE49-B99852399F03}
2016-09-01 12:20 - 2016-09-01 12:20 - 00000000 ____D C:\Users\Heather\AppData\Local\{9A21DE89-2C36-488E-B8A5-630DAC5D89B4}
2016-08-31 12:32 - 2016-08-31 12:32 - 00000000 ____D C:\Users\Heather\AppData\Local\{3F96E67C-B12D-44D7-87CE-1678B60CFB71}
2016-08-30 22:15 - 2016-08-30 22:16 - 00000000 ____D C:\Users\Heather\AppData\Local\{625764A9-E412-4C80-9FAC-D36EE6AD4439}
2016-08-29 21:10 - 2016-08-29 21:10 - 00000000 ____D C:\Users\Heather\AppData\Local\{1B1BDCFA-059F-48CE-8A83-94FFED326798}
2016-08-29 09:09 - 2016-08-29 09:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{A0ABD5FC-AD55-47B0-A58A-905B8FEE4B03}
2016-08-28 21:09 - 2016-08-28 21:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{D26CB60C-D525-49EE-9BE0-F3D2D64EA85E}
2016-08-28 09:08 - 2016-08-28 09:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{DDA92A70-E147-46B0-AA26-CBF810D866BB}
2016-08-27 20:56 - 2016-08-27 20:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{3B22AE00-719B-490E-A891-99D4E30A3BEA}
2016-08-27 08:56 - 2016-08-27 08:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{BDF6EDD4-7C28-4493-BAB5-F5C87320FE46}
2016-08-26 20:56 - 2016-08-26 20:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{32523D76-4314-42B4-823C-432039FFE58D}
2016-08-25 13:18 - 2016-09-15 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 06:46 - 2016-08-25 06:46 - 00000000 ____D C:\Users\Heather\AppData\Local\{2626F8DC-4D13-48FB-862D-06015CC830C5}
2016-08-23 19:11 - 2016-08-23 19:11 - 00000000 ____D C:\Users\Heather\AppData\Local\{A48A8082-7636-40CE-9CC7-8911632A43F6}
2016-08-23 07:11 - 2016-08-23 07:11 - 00000000 ____D C:\Users\Heather\AppData\Local\{FF2EE73C-3DE4-4BBB-91B4-F5AA191C7A1E}
2016-08-22 19:10 - 2016-08-22 19:10 - 00000000 ____D C:\Users\Heather\AppData\Local\{4CC35BA9-8FCC-41AC-85AB-EE2DF0CBB2B0}
2016-08-21 19:52 - 2016-08-21 19:52 - 00000000 ____D C:\Users\Heather\AppData\Local\{7BBC30FA-F991-4474-B846-E00626F79DEC}
2016-08-21 07:31 - 2016-08-21 07:31 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Amaranth Games
2016-08-20 10:34 - 2016-08-20 10:34 - 00000000 ____D C:\Users\Heather\AppData\Local\{A642375F-CE78-4CB1-9AB0-800C8956336D}
2016-08-19 17:54 - 2016-08-19 17:54 - 00001186 _____ C:\Windows\system32\exterior-architecture-modern-tropical-house-style-architecture-endearing-bulgari-villa-bali-design-with-stately-houses-and-wooden-windows-are-awesome-also-large-swimming-pool-plus-charming-garde.jpg.lnk
2016-08-19 17:51 - 2016-08-19 17:51 - 00001207 _____ C:\Windows\system32\children-bedroom-decorating-ideas-presenting-indian-red-wall-color-schemes-with-beige-finish-wooden-loft-beds-using-black-iron-staircase-and-small-nightstand-on-the-bedside-also-rectangle-grey-r.jpg.lnk
2016-08-19 17:50 - 2016-08-19 17:50 - 00001189 _____ C:\Windows\system32\bedroom-cool-furniture-bunk-beds-for-teenagers-army-nuance-captivating-awesome-bunk-beds-beautiful-and-efficient-housing-design-awesome-bunk-beds-for-adults-luxurious-bunk-bed-modern-cool-beds-f.jpg.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 19:52 - 2014-08-29 11:23 - 00000000 ____D C:\FRST
2016-09-15 19:46 - 2011-04-21 03:19 - 00000000 ____D C:\ProgramData\Temp
2016-09-15 19:12 - 2016-03-19 23:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-15 18:36 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-15 17:57 - 2014-08-27 17:10 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Meridian93
2016-09-15 17:34 - 2016-07-05 14:56 - 00000000 ____D C:\Users\Heather\Desktop\Minions
2016-09-15 17:33 - 2012-02-22 02:44 - 00000000 ____D C:\Users\Heather\Desktop\Universe
2016-09-15 10:23 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-15 10:23 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-15 07:13 - 2014-12-27 20:06 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-14 01:17 - 2013-10-20 20:20 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2016-09-13 14:08 - 2012-08-10 06:02 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-12 20:58 - 2011-07-10 19:48 - 00000000 ____D C:\Users\Heather\AppData\Roaming\SoftGrid Client
2016-09-12 16:00 - 2011-07-05 06:22 - 00000000 ____D C:\Users\Heather\AppData\Local\CrashDumps
2016-09-08 20:10 - 2009-07-14 00:13 - 00783464 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-08 20:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-07 07:39 - 2015-12-02 01:25 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-06 01:20 - 2011-07-05 12:49 - 00000000 ____D C:\ProgramData\Kodak
2016-09-06 01:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 03:34 - 2016-06-22 10:29 - 00000000 ____D C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5
2016-09-05 02:08 - 2012-08-10 06:02 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-05 02:06 - 2014-02-15 14:54 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-05 02:06 - 2013-07-15 21:59 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-05 02:05 - 2014-08-06 08:52 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-05 02:05 - 2013-07-15 21:59 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-05 02:05 - 2012-08-10 06:02 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-05 02:05 - 2012-08-10 06:02 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-05 02:05 - 2012-08-10 06:02 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-05 02:04 - 2016-07-11 12:00 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-09-05 02:04 - 2012-08-10 06:02 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.147379368861301
2016-09-05 01:55 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-05 01:55 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-05 01:55 - 2012-08-13 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-05 00:30 - 2014-08-28 21:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 00:27 - 2015-01-26 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-05 00:27 - 2015-01-26 02:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-30 22:15 - 2011-07-04 03:44 - 00000000 ____D C:\Users\Heather\AppData\Local\Windows Live Writer
2016-08-29 17:17 - 2013-10-20 20:20 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 17:16 - 2014-07-21 21:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 18:02 - 2011-07-04 03:16 - 00000000 ____D C:\Users\Heather\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2013-10-31 02:43 - 2013-10-31 03:09 - 0699333 _____ () C:\Users\Heather\AppData\Roaming\Alganon Setup Log.txt
2015-03-12 03:10 - 2015-03-13 00:14 - 0000236 _____ () C:\Users\Heather\AppData\Roaming\burnaware.ini
2014-12-04 03:46 - 2016-06-26 22:30 - 0000096 _____ () C:\Users\Heather\AppData\Roaming\Camdata.ini
2014-12-04 03:46 - 2016-06-26 22:30 - 0000408 _____ () C:\Users\Heather\AppData\Roaming\CamLayout.ini
2014-12-04 03:46 - 2016-06-26 22:30 - 0000408 _____ () C:\Users\Heather\AppData\Roaming\CamShapes.ini
2014-12-04 03:20 - 2016-06-26 22:30 - 0004534 _____ () C:\Users\Heather\AppData\Roaming\CamStudio.cfg
2014-12-04 03:23 - 2014-12-04 03:23 - 0000000 _____ () C:\Users\Heather\AppData\Roaming\CamStudio.Producer.Data.ini
2014-12-04 03:23 - 2014-12-04 03:23 - 0001206 _____ () C:\Users\Heather\AppData\Roaming\CamStudio.Producer.ini
2014-12-31 11:49 - 2014-12-31 11:49 - 0015872 _____ () C:\Users\Heather\AppData\Roaming\chatterer.fye
2011-11-18 22:31 - 2011-11-18 22:31 - 0000210 _____ () C:\Users\Heather\AppData\Roaming\HEATHER-PC.MTBF.txt
2014-12-04 03:14 - 2016-06-26 22:30 - 0000096 _____ () C:\Users\Heather\AppData\Roaming\version2.xml
2011-07-05 03:36 - 2008-03-27 18:18 - 0000000 _____ () C:\Users\Heather\AppData\Local\AtStart.txt
2015-03-12 03:51 - 2015-03-12 03:56 - 0000031 _____ () C:\Users\Heather\AppData\Local\burnaware.ini
2011-07-05 03:36 - 2011-04-07 13:11 - 0008484 _____ () C:\Users\Heather\AppData\Local\d3d9caps.dat
2011-07-05 03:36 - 2016-06-17 17:25 - 0013824 _____ () C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-05 03:36 - 2008-03-27 18:18 - 0000000 _____ () C:\Users\Heather\AppData\Local\DSwitch.txt
2011-07-05 03:36 - 2011-03-18 18:24 - 0007216 _____ () C:\Users\Heather\AppData\Local\installer.log
2011-07-05 06:48 - 2011-07-05 06:48 - 0001567 _____ () C:\Users\Heather\AppData\Local\PDLSetup.20110705.064818.txt
2011-07-05 03:36 - 2008-03-27 18:18 - 0000000 _____ () C:\Users\Heather\AppData\Local\QSwitch.txt
2015-01-26 04:12 - 2015-01-26 04:12 - 0007605 _____ () C:\Users\Heather\AppData\Local\Resmon.ResmonCfg
2013-04-19 17:12 - 2013-04-19 17:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-22 12:00 - 2012-05-22 12:00 - 0000154 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-19 20:04

==================== End of FRST.txt ============================

I know the voices in my head

aren't real...

But sometimes their ideas are absolutely AWESOME!


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,187 posts
  • Gender:Male
  • Location:California
  • Local time:11:29 AM

Posted 15 September 2016 - 09:01 PM

Greetings.

You are welcome for the help.

Did you install this program?

Pando Media Booster

Do you know what this is?

C:\Users\Heather\Desktop\instspeedfan451-65647409.exe

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 132ec3ea19087105d94c5760b859ed05; C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe [497664 2016-09-05] () [File not signed] <==== ATTENTION
C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe
S1 0612aa6a1f351eb1ace46c126d0a82f6; system32\DRIVERS\0612aa6a1f351eb1ace46c126d0a82f6.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
2016-09-13 20:18 - 2016-09-13 20:18 - 00000000 ____D C:\Users\Heather\AppData\Local\{59BA6338-80AD-4765-A5F7-0C1AB43C910B}
2016-09-11 21:03 - 2016-09-11 21:03 - 00000000 ____D C:\Users\Heather\AppData\Local\{71A6DFEE-8804-447F-8C3B-6060368BDA6E}
2016-09-02 00:20 - 2016-09-02 00:20 - 00000000 ____D C:\Users\Heather\AppData\Local\{1E2B3D6A-F8A8-44F1-AE49-B99852399F03}
2016-09-01 12:20 - 2016-09-01 12:20 - 00000000 ____D C:\Users\Heather\AppData\Local\{9A21DE89-2C36-488E-B8A5-630DAC5D89B4}
2016-08-31 12:32 - 2016-08-31 12:32 - 00000000 ____D C:\Users\Heather\AppData\Local\{3F96E67C-B12D-44D7-87CE-1678B60CFB71}
2016-08-30 22:15 - 2016-08-30 22:16 - 00000000 ____D C:\Users\Heather\AppData\Local\{625764A9-E412-4C80-9FAC-D36EE6AD4439}
2016-08-29 21:10 - 2016-08-29 21:10 - 00000000 ____D C:\Users\Heather\AppData\Local\{1B1BDCFA-059F-48CE-8A83-94FFED326798}
2016-08-29 09:09 - 2016-08-29 09:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{A0ABD5FC-AD55-47B0-A58A-905B8FEE4B03}
2016-08-28 21:09 - 2016-08-28 21:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{D26CB60C-D525-49EE-9BE0-F3D2D64EA85E}
2016-08-28 09:08 - 2016-08-28 09:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{DDA92A70-E147-46B0-AA26-CBF810D866BB}
2016-08-27 20:56 - 2016-08-27 20:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{3B22AE00-719B-490E-A891-99D4E30A3BEA}
2016-08-27 08:56 - 2016-08-27 08:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{BDF6EDD4-7C28-4493-BAB5-F5C87320FE46}
2016-08-26 20:56 - 2016-08-26 20:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{32523D76-4314-42B4-823C-432039FFE58D}
2016-08-25 06:46 - 2016-08-25 06:46 - 00000000 ____D C:\Users\Heather\AppData\Local\{2626F8DC-4D13-48FB-862D-06015CC830C5}
2016-08-23 19:11 - 2016-08-23 19:11 - 00000000 ____D C:\Users\Heather\AppData\Local\{A48A8082-7636-40CE-9CC7-8911632A43F6}
2016-08-23 07:11 - 2016-08-23 07:11 - 00000000 ____D C:\Users\Heather\AppData\Local\{FF2EE73C-3DE4-4BBB-91B4-F5AA191C7A1E}
2016-08-22 19:10 - 2016-08-22 19:10 - 00000000 ____D C:\Users\Heather\AppData\Local\{4CC35BA9-8FCC-41AC-85AB-EE2DF0CBB2B0}
2016-08-21 19:52 - 2016-08-21 19:52 - 00000000 ____D C:\Users\Heather\AppData\Local\{7BBC30FA-F991-4474-B846-E00626F79DEC}
2016-08-20 10:34 - 2016-08-20 10:34 - 00000000 ____D C:\Users\Heather\AppData\Local\{A642375F-CE78-4CB1-9AB0-800C8956336D}
2016-09-05 03:34 - 2016-06-22 10:29 - 00000000 ____D C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5
AlternateDataStreams: C:\ProgramData\Temp:036B81D9 [170]
AlternateDataStreams: C:\ProgramData\Temp:1349D788 [166]
AlternateDataStreams: C:\ProgramData\Temp:19C541B5 [476]
AlternateDataStreams: C:\ProgramData\Temp:27F44544 [227]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:39CB2031 [388]
AlternateDataStreams: C:\ProgramData\Temp:3C9B05C4 [222]
AlternateDataStreams: C:\ProgramData\Temp:3CA557DB [464]
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA [163]
AlternateDataStreams: C:\ProgramData\Temp:58E38390 [128]
AlternateDataStreams: C:\ProgramData\Temp:5C92988B [191]
AlternateDataStreams: C:\ProgramData\Temp:60C897F3 [214]
AlternateDataStreams: C:\ProgramData\Temp:61A065F2 [486]
AlternateDataStreams: C:\ProgramData\Temp:669AB5E1 [129]
AlternateDataStreams: C:\ProgramData\Temp:6E6A4F42 [175]
AlternateDataStreams: C:\ProgramData\Temp:6ECE93A8 [148]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [190]
AlternateDataStreams: C:\ProgramData\Temp:7C76EAF6 [191]
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639 [185]
AlternateDataStreams: C:\ProgramData\Temp:9D0A16E4 [191]
AlternateDataStreams: C:\ProgramData\Temp:AC543948 [190]
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71 [137]
AlternateDataStreams: C:\ProgramData\Temp:B761039D [177]
AlternateDataStreams: C:\ProgramData\Temp:B9C6EB6C [164]
AlternateDataStreams: C:\ProgramData\Temp:CB959782 [190]
AlternateDataStreams: C:\ProgramData\Temp:CCD8056E [120]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [121]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [217]
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Response to questions
  • Fixlog
  • AdwCleaner log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Fluffy


Posted 16 September 2016 - 12:03 AM

Dear Gary,

Pando media booster was installed with one of the MMOs, I believe? Not quite sure. This pc is now used by everyone in the house, so sometimes I probably don't want to know what gets put on it. I can probably uninstall it if you want. I'm sure any game that needs it will just reinstall it.

Instspeedfan was installed when the fan wasn't working and laptop was overheating. It gave safe temperature so I'd know when to shut the pc down while waiting for the new part to arrive. That issue has been fixed for quite some time. Should I delete that?

# AdwCleaner v6.020 - Logfile created 15/09/2016 at 23:52:06
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-15.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Heather - HEATHER-PC
# Running from : C:\Users\Heather\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Classes\Exent.GameTreatWidget
[-] Key deleted: HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Classes\Exent.GameTreatWidget.1
[#] Key deleted on reboot: HKCU\Software\Classes\Exent.GameTreatWidget
[#] Key deleted on reboot: HKCU\Software\Classes\Exent.GameTreatWidget.1
[-] Key deleted: HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Exent.GameTreatWidget
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Exent.GameTreatWidget.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget.1
[-] Key deleted: HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key deleted: HKU\S-1-5-21-744858339-710463176-958911846-1001\Software\IM
[#] Key deleted on reboot: HKCU\Software\IM
[#] Key deleted on reboot: [x64] HKCU\Software\IM
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\spybot-search-destroy.en.softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\spybot-search-destroy.en.softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.wrc.SearchRules.rambler.ru.url" -  "^hxxp\\:\\/\\/nova\\.rambler\\.ru\\/.+"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [5752 Bytes] - [15/09/2016 23:52:06]
C:\AdwCleaner\AdwCleaner[C3].txt - [1611 Bytes] - [11/09/2015 17:06:54]
C:\AdwCleaner\AdwCleaner[R0].txt - [10855 Bytes] - [29/08/2014 21:29:38]
C:\AdwCleaner\AdwCleaner[R1].txt - [3401 Bytes] - [26/01/2015 02:08:41]
C:\AdwCleaner\AdwCleaner[R2].txt - [1166 Bytes] - [01/09/2015 12:11:06]
C:\AdwCleaner\AdwCleaner[R3].txt - [1226 Bytes] - [01/09/2015 12:17:33]
C:\AdwCleaner\AdwCleaner[R4].txt - [1287 Bytes] - [01/09/2015 12:29:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [10913 Bytes] - [29/08/2014 21:32:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [3354 Bytes] - [26/01/2015 02:13:49]
C:\AdwCleaner\AdwCleaner[S5].txt - [6574 Bytes] - [15/09/2016 23:50:18]
C:\AdwCleaner\AdwCleaner[S6].txt - [1487 Bytes] - [09/09/2015 15:47:53]
C:\AdwCleaner\AdwCleaner[S7].txt - [1487 Bytes] - [09/09/2015 15:50:22]
C:\AdwCleaner\AdwCleaner[S8].txt - [1487 Bytes] - [11/09/2015 17:04:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6703 Bytes] ##########

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Heather (15-09-2016 23:28:39) Run:4
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
S2 132ec3ea19087105d94c5760b859ed05; C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe [497664 2016-09-05] () [File not signed] <==== ATTENTION
C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe
S1 0612aa6a1f351eb1ace46c126d0a82f6; system32\DRIVERS\0612aa6a1f351eb1ace46c126d0a82f6.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
2016-09-13 20:18 - 2016-09-13 20:18 - 00000000 ____D C:\Users\Heather\AppData\Local\{59BA6338-80AD-4765-A5F7-0C1AB43C910B}
2016-09-11 21:03 - 2016-09-11 21:03 - 00000000 ____D C:\Users\Heather\AppData\Local\{71A6DFEE-8804-447F-8C3B-6060368BDA6E}
2016-09-02 00:20 - 2016-09-02 00:20 - 00000000 ____D C:\Users\Heather\AppData\Local\{1E2B3D6A-F8A8-44F1-AE49-B99852399F03}
2016-09-01 12:20 - 2016-09-01 12:20 - 00000000 ____D C:\Users\Heather\AppData\Local\{9A21DE89-2C36-488E-B8A5-630DAC5D89B4}
2016-08-31 12:32 - 2016-08-31 12:32 - 00000000 ____D C:\Users\Heather\AppData\Local\{3F96E67C-B12D-44D7-87CE-1678B60CFB71}
2016-08-30 22:15 - 2016-08-30 22:16 - 00000000 ____D C:\Users\Heather\AppData\Local\{625764A9-E412-4C80-9FAC-D36EE6AD4439}
2016-08-29 21:10 - 2016-08-29 21:10 - 00000000 ____D C:\Users\Heather\AppData\Local\{1B1BDCFA-059F-48CE-8A83-94FFED326798}
2016-08-29 09:09 - 2016-08-29 09:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{A0ABD5FC-AD55-47B0-A58A-905B8FEE4B03}
2016-08-28 21:09 - 2016-08-28 21:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{D26CB60C-D525-49EE-9BE0-F3D2D64EA85E}
2016-08-28 09:08 - 2016-08-28 09:09 - 00000000 ____D C:\Users\Heather\AppData\Local\{DDA92A70-E147-46B0-AA26-CBF810D866BB}
2016-08-27 20:56 - 2016-08-27 20:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{3B22AE00-719B-490E-A891-99D4E30A3BEA}
2016-08-27 08:56 - 2016-08-27 08:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{BDF6EDD4-7C28-4493-BAB5-F5C87320FE46}
2016-08-26 20:56 - 2016-08-26 20:56 - 00000000 ____D C:\Users\Heather\AppData\Local\{32523D76-4314-42B4-823C-432039FFE58D}
2016-08-25 06:46 - 2016-08-25 06:46 - 00000000 ____D C:\Users\Heather\AppData\Local\{2626F8DC-4D13-48FB-862D-06015CC830C5}
2016-08-23 19:11 - 2016-08-23 19:11 - 00000000 ____D C:\Users\Heather\AppData\Local\{A48A8082-7636-40CE-9CC7-8911632A43F6}
2016-08-23 07:11 - 2016-08-23 07:11 - 00000000 ____D C:\Users\Heather\AppData\Local\{FF2EE73C-3DE4-4BBB-91B4-F5AA191C7A1E}
2016-08-22 19:10 - 2016-08-22 19:10 - 00000000 ____D C:\Users\Heather\AppData\Local\{4CC35BA9-8FCC-41AC-85AB-EE2DF0CBB2B0}
2016-08-21 19:52 - 2016-08-21 19:52 - 00000000 ____D C:\Users\Heather\AppData\Local\{7BBC30FA-F991-4474-B846-E00626F79DEC}
2016-08-20 10:34 - 2016-08-20 10:34 - 00000000 ____D C:\Users\Heather\AppData\Local\{A642375F-CE78-4CB1-9AB0-800C8956336D}
2016-09-05 03:34 - 2016-06-22 10:29 - 00000000 ____D C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5
AlternateDataStreams: C:\ProgramData\Temp:036B81D9 [170]
AlternateDataStreams: C:\ProgramData\Temp:1349D788 [166]
AlternateDataStreams: C:\ProgramData\Temp:19C541B5 [476]
AlternateDataStreams: C:\ProgramData\Temp:27F44544 [227]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:39CB2031 [388]
AlternateDataStreams: C:\ProgramData\Temp:3C9B05C4 [222]
AlternateDataStreams: C:\ProgramData\Temp:3CA557DB [464]
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA [163]
AlternateDataStreams: C:\ProgramData\Temp:58E38390 [128]
AlternateDataStreams: C:\ProgramData\Temp:5C92988B [191]
AlternateDataStreams: C:\ProgramData\Temp:60C897F3 [214]
AlternateDataStreams: C:\ProgramData\Temp:61A065F2 [486]
AlternateDataStreams: C:\ProgramData\Temp:669AB5E1 [129]
AlternateDataStreams: C:\ProgramData\Temp:6E6A4F42 [175]
AlternateDataStreams: C:\ProgramData\Temp:6ECE93A8 [148]
AlternateDataStreams: C:\ProgramData\Temp:7687A3E3 [190]
AlternateDataStreams: C:\ProgramData\Temp:7C76EAF6 [191]
AlternateDataStreams: C:\ProgramData\Temp:7FA0D639 [185]
AlternateDataStreams: C:\ProgramData\Temp:9D0A16E4 [191]
AlternateDataStreams: C:\ProgramData\Temp:AC543948 [190]
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71 [137]
AlternateDataStreams: C:\ProgramData\Temp:B761039D [177]
AlternateDataStreams: C:\ProgramData\Temp:B9C6EB6C [164]
AlternateDataStreams: C:\ProgramData\Temp:CB959782 [190]
AlternateDataStreams: C:\ProgramData\Temp:CCD8056E [120]
AlternateDataStreams: C:\ProgramData\Temp:F5D01D7C [121]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [217]
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
132ec3ea19087105d94c5760b859ed05 => service removed successfully
C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe => moved successfully
0612aa6a1f351eb1ace46c126d0a82f6 => service removed successfully
catchme => service removed successfully
EagleX64 => service removed successfully
NLNdisMP => service removed successfully
NLNdisPT => service removed successfully
X5XSEx => service removed successfully
X5XSEx_Pr143 => service removed successfully
C:\Users\Heather\AppData\Local\{59BA6338-80AD-4765-A5F7-0C1AB43C910B} => moved successfully
C:\Users\Heather\AppData\Local\{71A6DFEE-8804-447F-8C3B-6060368BDA6E} => moved successfully
C:\Users\Heather\AppData\Local\{1E2B3D6A-F8A8-44F1-AE49-B99852399F03} => moved successfully
C:\Users\Heather\AppData\Local\{9A21DE89-2C36-488E-B8A5-630DAC5D89B4} => moved successfully
C:\Users\Heather\AppData\Local\{3F96E67C-B12D-44D7-87CE-1678B60CFB71} => moved successfully
C:\Users\Heather\AppData\Local\{625764A9-E412-4C80-9FAC-D36EE6AD4439} => moved successfully
C:\Users\Heather\AppData\Local\{1B1BDCFA-059F-48CE-8A83-94FFED326798} => moved successfully
C:\Users\Heather\AppData\Local\{A0ABD5FC-AD55-47B0-A58A-905B8FEE4B03} => moved successfully
C:\Users\Heather\AppData\Local\{D26CB60C-D525-49EE-9BE0-F3D2D64EA85E} => moved successfully
C:\Users\Heather\AppData\Local\{DDA92A70-E147-46B0-AA26-CBF810D866BB} => moved successfully
C:\Users\Heather\AppData\Local\{3B22AE00-719B-490E-A891-99D4E30A3BEA} => moved successfully
C:\Users\Heather\AppData\Local\{BDF6EDD4-7C28-4493-BAB5-F5C87320FE46} => moved successfully
C:\Users\Heather\AppData\Local\{32523D76-4314-42B4-823C-432039FFE58D} => moved successfully
C:\Users\Heather\AppData\Local\{2626F8DC-4D13-48FB-862D-06015CC830C5} => moved successfully
C:\Users\Heather\AppData\Local\{A48A8082-7636-40CE-9CC7-8911632A43F6} => moved successfully
C:\Users\Heather\AppData\Local\{FF2EE73C-3DE4-4BBB-91B4-F5AA191C7A1E} => moved successfully
C:\Users\Heather\AppData\Local\{4CC35BA9-8FCC-41AC-85AB-EE2DF0CBB2B0} => moved successfully
C:\Users\Heather\AppData\Local\{7BBC30FA-F991-4474-B846-E00626F79DEC} => moved successfully
C:\Users\Heather\AppData\Local\{A642375F-CE78-4CB1-9AB0-800C8956336D} => moved successfully
C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5 => moved successfully
C:\ProgramData\Temp => ":036B81D9" ADS removed successfully.
C:\ProgramData\Temp => ":1349D788" ADS removed successfully.
C:\ProgramData\Temp => ":19C541B5" ADS removed successfully.
C:\ProgramData\Temp => ":27F44544" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":39CB2031" ADS removed successfully.
C:\ProgramData\Temp => ":3C9B05C4" ADS removed successfully.
C:\ProgramData\Temp => ":3CA557DB" ADS removed successfully.
C:\ProgramData\Temp => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\Temp => ":58E38390" ADS removed successfully.
C:\ProgramData\Temp => ":5C92988B" ADS removed successfully.
C:\ProgramData\Temp => ":60C897F3" ADS removed successfully.
C:\ProgramData\Temp => ":61A065F2" ADS removed successfully.
C:\ProgramData\Temp => ":669AB5E1" ADS removed successfully.
C:\ProgramData\Temp => ":6E6A4F42" ADS removed successfully.
C:\ProgramData\Temp => ":6ECE93A8" ADS removed successfully.
C:\ProgramData\Temp => ":7687A3E3" ADS removed successfully.
C:\ProgramData\Temp => ":7C76EAF6" ADS removed successfully.
C:\ProgramData\Temp => ":7FA0D639" ADS removed successfully.
C:\ProgramData\Temp => ":9D0A16E4" ADS removed successfully.
C:\ProgramData\Temp => ":AC543948" ADS removed successfully.
C:\ProgramData\Temp => ":B6D84F71" ADS removed successfully.
C:\ProgramData\Temp => ":B761039D" ADS removed successfully.
C:\ProgramData\Temp => ":B9C6EB6C" ADS removed successfully.
C:\ProgramData\Temp => ":CB959782" ADS removed successfully.
C:\ProgramData\Temp => ":CCD8056E" ADS removed successfully.
C:\ProgramData\Temp => ":F5D01D7C" ADS removed successfully.
C:\ProgramData\Temp => ":F84B8DB5" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 23:29:31 ====

The laptop seems to be back to normal. :) I can open programs and they don't take minutes to load. Neither does hibernating or switching users. THANK YOU!!
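
A check one could run on a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST itself: it pairs each fixlist entry with its result line and flags anything not reported as successful. It assumes, from the layout of this one log, that one result line is written per fixlist line in the same order; the sample log is shortened from the post, and its last entry and failure text are constructed.

```python
import re

# Constructed sample: a shortened Fixlog in the layout shown in this thread.
# The last fixlist entry and its result line are invented to show a failure.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Heather (15-09-2016 23:28:39) Run:4
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe
2016-09-13 20:18 - 2016-09-13 20:18 - 00000000 ____D C:\Users\Heather\AppData\Local\{59BA6338-80AD-4765-A5F7-0C1AB43C910B}
AlternateDataStreams: C:\ProgramData\Temp:036B81D9 [170]
C:\Example\constructed-entry.exe
*****************

Restore point was successfully created.
Processes closed successfully.
catchme => service removed successfully
C:\Program Files\2e29ccab4be06a3dfffe7ad3cda4fed5\93a0ca74c1847dce6b24050f5afab558.exe => moved successfully
C:\Users\Heather\AppData\Local\{59BA6338-80AD-4765-A5F7-0C1AB43C910B} => moved successfully
C:\ProgramData\Temp => ":036B81D9" ADS removed successfully.
C:\Example\constructed-entry.exe => CONSTRUCTED FAILURE TEXT

The system needed a reboot.

==== End of Fixlog 23:29:31 ====
"""

MARKER = re.compile(r"^\*{5,}$")            # rows of asterisks around the fixlist
END = re.compile(r"^==== End of Fixlog")
SERVICE = re.compile(r"^S\d\s+([^;]+);")    # "S3 catchme; <path> [X]"
ADS = re.compile(r"^AlternateDataStreams:\s+.+:([0-9A-Fa-f]+)\s+\[\d+\]$")
DATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (.+)$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\")


def split_fixlog(text):
    """Return (directives, results, notes) from the text of a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if MARKER.match(ln)]
    if len(marks) < 2:
        raise ValueError("fixlist content markers not found")
    directives = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results, notes = [], []
    for ln in lines[marks[1] + 1:]:
        if END.match(ln):
            break
        if not ln:
            continue
        # Outcome lines either carry "=>" or say "successfully";
        # anything else (e.g. the reboot notice) is informational.
        if "=>" in ln or "successfully" in ln:
            results.append(ln)
        else:
            notes.append(ln)
    return directives, results, notes


def expected_subject(directive):
    """Text the paired result line should mention, or None if unknown."""
    m = SERVICE.match(directive)
    if m:
        return m.group(1)                   # service name
    m = ADS.match(directive)
    if m:
        return '":%s"' % m.group(1)         # stream name as quoted in results
    m = DATED.match(directive)
    if m:
        return m.group(1)                   # path after the attribute column
    if BARE_PATH.match(directive):
        return directive
    return None                             # e.g. CreateRestorePoint:


def review_fixlog(text):
    """Pair fixlist entries with results; return (report, notes)."""
    directives, results, notes = split_fixlog(text)
    if len(directives) != len(results):
        raise ValueError("%d fixlist entries but %d result lines; "
                         "cannot pair by position"
                         % (len(directives), len(results)))
    report = []
    for directive, result in zip(directives, results):
        subject = expected_subject(directive)
        if subject is not None and subject not in result:
            status = "misaligned"           # result talks about something else
        elif "successfully" in result:
            status = "ok"
        else:
            status = "review"               # not reported as successful
        report.append((directive, result, status))
    return report, notes


if __name__ == "__main__":
    report, notes = review_fixlog(SAMPLE_FIXLOG)
    for directive, result, status in report:
        if status != "ok":
            print(status.upper(), "|", directive, "|", result)
    for note in notes:
        print("NOTE |", note)
```
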


#6 Oh My!


Posted 16 September 2016 - 08:56 AM

Hi Heather,

I am glad things are much better.

We don't need to remove Pando as long as you are aware of its presence on the computer.

Thank you for the information on the fan software. I thought it was legitimate but when there is a random number in the file name it is best to be sure.

I would like to run a couple more programs if you don't mind. Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report
  • Security check report

Gary
 

#7 Fluffy


Posted 16 September 2016 - 05:58 PM

Dear Gary,

One of the 'trojans' was not a trojan. Alganon is an old MMO. Have had it on my pc for over a decade without problems. I chose to restore that one after it was quarantined, as I'm not sure it would work without the launcher. But the numbers were off while scanning, regardless. It kept saying it found 5, but only ever showed 4 things. And although it found four, it only quarantined three items, one of which was the game launcher I restored afterward. Working on the security check report you requested now.

Emsisoft Emergency Kit - Version 11.9
Last update: 9/16/2016 5:11:13 PM
User account: Heather-PC\Heather
Computer name: HEATHER-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/16/2016 5:13:09 PM
Key: HKEY_USERS\S-1-5-21-744858339-710463176-958911846-1001\SOFTWARE\IWIN     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GLOBALUPDATE     detected: Application.AdUpd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GLOBALUPDATE     detected: Application.AdUpd (A)
C:\Program Files (x86)\Alganon\Launcher.bat     detected: Trojan.BAT.Agent.FP (B)

Scanned    161266
Found    4

Scan end:    9/16/2016 5:47:39 PM
Scan time:    0:34:30

Key: HKEY_USERS\S-1-5-21-744858339-710463176-958911846-1001\SOFTWARE\IWIN     Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GLOBALUPDATE     Application.AdUpd (A)
C:\Program Files (x86)\Alganon\Launcher.bat     Trojan.BAT.Agent.FP (B)

Quarantined    3
 


I know the voices in my head

aren't real...

But sometimes their ideas are absolutely AWESOME!
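The Found and Quarantined totals in the report above can be checked against the report's own entries. This is an added example, not part of the original post and not Emsisoft's tooling; the function name `reconcile` and the entry pattern are assumptions based only on the lines shown in this report.

```python
import re
from collections import Counter

# Input: the detection and quarantine lines of the report posted above.
REPORT = r"""
Key: HKEY_USERS\S-1-5-21-744858339-710463176-958911846-1001\SOFTWARE\IWIN     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GLOBALUPDATE     detected: Application.AdUpd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GLOBALUPDATE     detected: Application.AdUpd (A)
C:\Program Files (x86)\Alganon\Launcher.bat     detected: Trojan.BAT.Agent.FP (B)
Found    4
Key: HKEY_USERS\S-1-5-21-744858339-710463176-958911846-1001\SOFTWARE\IWIN     Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\GLOBALUPDATE     Application.AdUpd (A)
C:\Program Files (x86)\Alganon\Launcher.bat     Trojan.BAT.Agent.FP (B)
Quarantined    3
"""

# An entry is: object, 2+ spaces, optional "detected:", then "<name> (<letter>)".
ENTRY = re.compile(r"^(?P<obj>.+?)\s{2,}(?:detected:\s+)?(?P<name>\S+ \([A-Z]\))\s*$")
COUNT = re.compile(r"^(Found|Quarantined)\s+(\d+)\s*$")

def reconcile(report):
    """Compare the report's stated totals with its listed objects."""
    detected, quarantined, counts = Counter(), set(), {}
    for line in report.splitlines():
        if m := COUNT.match(line):
            counts[m[1]] = int(m[2])
        elif m := ENTRY.match(line):
            # Windows paths and registry keys are case-insensitive.
            key = (m["obj"].upper(), m["name"])
            if "detected:" in line:
                detected[key] += 1
            else:
                quarantined.add(key)
    found_lines = sum(detected.values())
    return {
        "found_lines": found_lines,
        "unique_detected": len(detected),
        "repeated": sorted(k[0] for k, n in detected.items() if n > 1),
        "not_quarantined": sorted(k[0] for k in detected if k not in quarantined),
        "counts_match_log": counts.get("Found") == found_lines
        and counts.get("Quarantined") == len(quarantined),
    }

if __name__ == "__main__":
    for field, value in reconcile(REPORT).items():
        print(f"{field}: {value}")
```

On this report the four detection lines cover three distinct objects, because the GLOBALUPDATE service key is listed twice, and every distinct object appears in the quarantine list.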


#8 Fluffy


Posted 16 September 2016 - 06:09 PM

Security check scan results:

 

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 8 Update 31  
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player 22.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (48.0.2)
 Google Chrome 20.0.1132.57 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 




#9 Oh My!


Posted 16 September 2016 - 06:16 PM

Good work with Emsisoft.

We need to update some things.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here then click Verify Java version
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Install
  • Uncheck all optional offers
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

If you use Google Chrome it should be updated. Please follow these instructions if you use the browser.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java update and delete old versions successfully?
  • Chrome?

Gary
 

#10 Fluffy


Posted 16 September 2016 - 10:31 PM

Dear Gary,

 

Java is now updated, thank you. And two old versions of it were uninstalled during the process.

 

We only use Firefox, not Chrome. I believe Firefox is up to date.

 

-Heather




#11 Oh My!


Posted 17 September 2016 - 07:42 AM

Greetings Heather.

Thank you, it looks like we are all done.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 Fluffy


Posted 18 September 2016 - 08:24 PM

Perfect. I've removed the tools, and everything is still running swimmingly. Thank you so much for your help, Gary. You were wonderful, and your instructions were crystal clear. Really exceptional service and you made my day, not having to bring my pc into a shop for repair. Take care.

 

-Heather




#13 Oh My!


Posted 18 September 2016 - 08:53 PM

Thank you, Heather, your kindness means a lot to me.

You are welcome to pop in again any time.


Gary
 

#14 Oh My!


Posted 19 September 2016 - 07:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



