
Ransomware, System Restore, Now in Safe Mode


  • This topic is locked
56 replies to this topic

#1 AhhhLeah


Posted 02 February 2017 - 10:23 AM

Last week (HP laptop) I was notified of a ransomware attack.  It moved quickly, system restore failed, and my laptop no longer powers up.  I had no idea what happened.  Now (Toshiba laptop) another ransomware attack!  I'm not certain of any of this but after wracking my brain, to the best of my recollection while browsing with several tabs opening and closing, it seems both times one of my most popular and viewed websites for the past several years was acting funny and was in the process of closing when I was hit.  I can only assume that site has been hacked since I am not a complete novice, have never been attacked before, and am careful about where I go.

 

A system restore got hung up at the end so I thought it didn't work.  I powered down, booted up in safe mode, and received a notice the system restore worked.  In safe mode did Malwarebytes (nothing), CCleaner (normal things), and Spybot scans (minor things).  I then saw Avast had been disabled and nothing I did worked to re-enable it.  I enabled McAfee in startup, uninstalled and reinstalled Avast...still unprotected.  I rebooted in safe mode and again uninstalled and reinstalled Avast.  The first screen said I was protected but proceeded to tell me I'm not protected.  Maybe doesn't work in safe mode?  I thought I uninstalled it the final time but I guess I didn't because it's still there.  I installed AVG (after I just got it cleaned off my system the day before, ugh) thinking it might be better than McAfee but, unbeknownst to me, it won't start in safe mode so it's just sitting there.  Crap, I just googled it on my phone and found Avast won't work in safe mode so I'll throw this whole issue over to you since I'm about ready to strangle someone.

 

I was almost done cleaning up this laptop when I got hit so my system restore caused me to go backwards in my startup menu cleanup and some of the programs I had uninstalled in the days prior.  After I got hit I uninstalled a few programs in safe mode including but not limited to everything Adobe, Java, and ActiveX.  When I received the second attack I remember seeing the word "Adobe" in the attack notification as if it were laughing at me while telling me that's how it accessed my system.  Anyway, my startup menu needs to be cleaned up again as well as again uninstalling unnecessary programs to help create more speed.  This laptop was owned by a very elderly lady and had SO many unnecessary programs installed which was bogging it down to the point she thought it was "broken."  It's actually a nice laptop but was still running far slower than it should after I uninstalled many of them and cleaned up the startup menu.  Still not sure why.  Maybe you can shed some light on that and give me a quick rundown of what I should disable in my startup and what other programs I can uninstall to save me hours of the same research I did a few days ago.  I should have made notes because my memory sucks.  Lastly, I'm running Adblock Ultimate and Adblock for Firefox.  Will they conflict with each other?  I have been unable to find an answer to this question.

 

Thank you for your time and expertise.  My log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Gail (administrator) on GAIL-PC (02-02-2017 07:39:52)
Running from C:\Users\Gail\Downloads
Loaded Profiles: Gail (Available Profiles: Gail & lmiremote)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5004592 2012-10-19] (Intel® Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-01-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-27] ()
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2017-02-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-01] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{27D64C42-8088-4377-848D-754CB40B3C8B}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {2F898CF3-770C-4649-9661-579EBF3B4B36} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2F898CF3-770C-4649-9661-579EBF3B4B36} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2F898CF3-770C-4649-9661-579EBF3B4B36} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> {2F898CF3-770C-4649-9661-579EBF3B4B36} URL =
SearchScopes: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-01] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-01] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-11] (AVG Secure Search)

FireFox:
========
FF DefaultProfile: epy1dvdc.default-1386716159493
FF ProfilePath: C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493 [2017-02-02]
FF Extension: (AdBlocker Ultimate) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\Extensions\adblockultimate@adblockultimate.net.xpi [2017-01-28]
FF Extension: (AdBlock for Firefox) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-01-27]
FF Extension: (AdBlocker for YouTube™) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-01-28]
FF Extension: (Safe Preview) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\Extensions\safepreview@everhelper.me.xpi [2017-01-28]
FF Extension: (FireShot) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-01-27]
FF Extension: (Diagnostics) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\features\{8f4828dd-d117-4078-9f5f-32d159e732f6}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Gail\AppData\Roaming\Mozilla\Firefox\Profiles\epy1dvdc.default-1386716159493\features\{8f4828dd-d117-4078-9f5f-32d159e732f6}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 => not found
FF HKU\S-1-5-21-4098365070-926832710-3877579155-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2016-08-22]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-11-21] (Sun Microsystems, Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\Gail\AppData\Local\Giant Savings\Chrome\Giant Savings.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-02-01] (AVAST Software)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1255272 2017-01-09] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [X]
S2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2017-02-01] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2017-02-01] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2017-02-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-02-01] (AVAST Software)
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2017-02-01] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2017-02-01] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2017-02-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-02-01] (AVAST Software)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S4 LMIRfsClientNP; no ImagePath
S2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-05-10] (CACE Technologies, Inc.)
S3 radpms; C:\windows\System32\DRIVERS\radpms.sys [14944 2010-12-08] (LogMeIn, Inc.)
S3 USBAAPL64; C:\windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 07:39 - 2017-02-02 07:40 - 00017345 _____ C:\Users\Gail\Downloads\FRST.txt
2017-02-02 07:33 - 2017-02-02 07:39 - 00000000 ____D C:\FRST
2017-02-02 07:32 - 2017-02-02 07:32 - 02420736 _____ (Farbar) C:\Users\Gail\Downloads\FRST64.exe
2017-02-02 06:55 - 2017-02-02 06:55 - 00001485 _____ C:\Users\Gail\Desktop\HijackThis.exe - Shortcut.lnk
2017-02-02 00:23 - 2017-02-01 23:44 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2017-02-01 23:58 - 2017-02-02 00:00 - 146593064 _____ (AVAST Software) C:\Users\Gail\Downloads\vpsupd.exe
2017-02-01 23:46 - 2017-02-01 23:46 - 00000000 ____D C:\Users\Gail\AppData\Roaming\AVAST Software
2017-02-01 23:45 - 2017-02-02 00:23 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-02-01 23:45 - 2017-02-01 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-02-01 23:44 - 2017-02-02 00:23 - 00000350 ____H C:\windows\Tasks\avast! Emergency Update.job
2017-02-01 23:44 - 2017-02-01 23:45 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2017-02-01 23:44 - 2017-02-01 23:45 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2017-02-01 23:44 - 2017-02-01 23:45 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2017-02-01 23:44 - 2017-02-01 23:44 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148601070059807
2017-02-01 23:44 - 2017-02-01 23:44 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148601070100410
2017-02-01 23:44 - 2017-02-01 23:44 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148601070125412
2017-02-01 23:44 - 2017-02-01 23:44 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2017-02-01 23:44 - 2017-02-01 23:44 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2017-02-01 23:44 - 2017-02-01 23:44 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2017-02-01 23:44 - 2017-02-01 23:44 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2017-02-01 23:44 - 2017-02-01 23:44 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2017-02-01 23:44 - 2017-02-01 23:44 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2017-02-01 23:42 - 2017-02-01 23:42 - 06253640 _____ (AVAST Software) C:\Users\Gail\Downloads\avast_free_antivirus_setup_online_cnet_1 (1).exe
2017-02-01 23:42 - 2017-02-01 23:42 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-01 23:03 - 2017-02-01 23:03 - 00000000 ____D C:\Users\Gail\Documents\HijackThis
2017-02-01 22:36 - 2017-02-01 22:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gail\Downloads\HijackThis.exe
2017-02-01 22:31 - 2017-02-01 22:37 - 00000000 ____D C:\Program Files (x86)\HijackThis
2017-02-01 22:13 - 2017-02-01 22:13 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2017-02-01 22:13 - 2017-02-01 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-02-01 22:12 - 2017-02-02 06:54 - 00000000 ____D C:\Program Files (x86)\AVG
2017-02-01 22:12 - 2017-02-01 22:12 - 00000392 ____H C:\windows\Tasks\AVG EUpdate Task.job
2017-02-01 20:54 - 2017-02-02 06:55 - 00991782 _____ C:\windows\ntbtlog.txt
2017-01-29 09:40 - 2017-01-29 09:40 - 00000000 ____D C:\Users\Gail\AppData\Local\Apps\2.0
2017-01-28 15:14 - 2017-01-28 15:15 - 07029984 _____ (Microsoft Corporation) C:\Users\Gail\Downloads\Silverlight.exe
2017-01-27 21:51 - 2017-02-02 00:31 - 00000000 ____D C:\Users\Gail\AppData\Local\AvgSetupLog
2017-01-27 21:47 - 2017-01-27 22:15 - 00003888 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1485571635
2017-01-27 21:44 - 2017-02-01 19:29 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2017-01-27 21:44 - 2017-01-27 21:44 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
2017-01-27 21:43 - 2017-01-27 21:43 - 00992960 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2017-01-27 21:43 - 2017-01-27 21:43 - 00921280 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2017-01-27 21:39 - 2017-02-01 23:42 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-27 21:38 - 2017-01-27 21:38 - 06253640 _____ (AVAST Software) C:\Users\Gail\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2017-01-27 19:24 - 2017-01-27 21:13 - 00000000 ____D C:\windows\pss
2017-01-27 19:19 - 2017-01-27 19:19 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-27 19:12 - 2017-01-27 19:16 - 08813488 _____ (Piriform Ltd) C:\Users\Gail\Downloads\ccsetup526.exe
2017-01-27 09:42 - 2017-01-27 09:42 - 00000000 ____D C:\Users\Gail\AppData\Roaming\AVG
2017-01-27 09:20 - 2017-01-27 09:20 - 00000000 ____D C:\Users\Gail\AppData\Local\CEF
2017-01-26 23:00 - 2017-02-02 07:03 - 00000000 ____D C:\Users\Gail\AppData\LocalLow\Mozilla
2017-01-26 22:59 - 2017-01-26 22:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-26 22:57 - 2017-01-26 22:57 - 00245424 _____ C:\Users\Gail\Downloads\Firefox Setup Stub 51.0.1.exe
2017-01-26 22:47 - 2017-01-26 20:40 - 00000857 _____ C:\windows\system32\Drivers\etc\hosts.20170126-224716.backup
2017-01-26 22:06 - 2017-02-01 19:42 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 22:05 - 2017-01-26 22:05 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-26 22:04 - 2017-01-26 22:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-26 22:04 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2017-01-26 22:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2017-01-26 21:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-01-26 21:05 - 2017-02-01 20:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-26 21:05 - 2017-02-01 19:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-26 21:05 - 2017-01-26 21:05 - 00001402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-26 21:05 - 2017-01-26 21:05 - 00001390 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-01-26 21:05 - 2017-01-26 21:05 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2017-01-26 21:05 - 2017-01-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-26 21:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2017-01-26 21:01 - 2017-01-26 21:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Gail\Downloads\spybot-2.4.exe
2017-01-26 20:40 - 2017-02-01 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 06:54 - 2014-11-21 12:00 - 00000000 ____D C:\ProgramData\AVG
2017-02-01 22:06 - 2011-11-21 23:38 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-02-01 22:05 - 2011-11-21 23:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-01 21:57 - 2012-02-23 09:47 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2017-02-01 21:57 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-01 21:47 - 2012-07-01 16:14 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2017-02-01 21:46 - 2014-12-24 08:53 - 00000000 ____D C:\ProgramData\Apple
2017-02-01 21:46 - 2012-07-02 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-02-01 21:46 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2017-02-01 19:36 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-02-01 19:31 - 2012-07-01 14:02 - 00000000 ____D C:\Users\Gail
2017-02-01 19:29 - 2014-12-24 08:54 - 00000000 ____D C:\windows\System32\Tasks\Apple
2017-02-01 19:29 - 2014-12-23 20:43 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-02-01 19:29 - 2014-12-20 11:48 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-02-01 19:29 - 2012-09-01 08:50 - 00000000 ____D C:\Users\lmiremote
2017-02-01 19:29 - 2012-07-02 12:57 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-02-01 19:29 - 2012-07-02 12:57 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-02-01 19:29 - 2012-07-01 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-01 19:29 - 2012-07-01 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beyond Compare 2
2017-02-01 19:29 - 2012-07-01 16:18 - 00000000 ____D C:\Users\LogMeInRemoteUser
2017-02-01 19:29 - 2012-07-01 14:15 - 00000000 ____D C:\Users\Public\Documents\Installation Files
2017-02-01 19:29 - 2011-11-21 23:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-02-01 19:29 - 2011-11-21 23:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-02-01 19:29 - 2009-07-13 22:20 - 00000000 ____D C:\windows\security
2017-02-01 19:28 - 2014-05-07 08:41 - 00000000 ____D C:\windows\Minidump
2017-02-01 19:28 - 2012-07-01 16:20 - 00000000 ____D C:\Program Files (x86)\Beyond Compare 2
2017-02-01 19:28 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2017-02-01 19:27 - 2012-07-01 14:02 - 00000000 ____D C:\Users\Gail\AppData\Roaming\Macromedia
2017-02-01 19:25 - 2012-02-23 09:47 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-01 19:25 - 2011-11-21 23:31 - 00000000 ____D C:\ProgramData\Adobe
2017-02-01 19:23 - 2012-02-23 09:09 - 00000000 ____D C:\Program Files (x86)\Intel
2017-02-01 19:23 - 2011-11-21 23:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-01 19:20 - 2009-07-13 23:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-01 19:20 - 2009-07-13 23:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-29 13:18 - 2012-07-01 16:14 - 00000000 ____D C:\ProgramData\LogMeIn
2017-01-29 12:35 - 2012-07-04 09:35 - 00000000 ____D C:\Users\Gail\AppData\Local\Adobe
2017-01-28 23:45 - 2012-07-04 15:38 - 00000000 ____D C:\Users\Gail\Documents\Katya
2017-01-28 23:42 - 2012-07-04 15:38 - 00000000 ____D C:\Users\Gail\Documents\Clyde and Gail Medical
2017-01-28 23:41 - 2012-07-04 15:38 - 00000000 ____D C:\Users\Gail\Documents\Updated addresses 2010
2017-01-28 16:46 - 2012-07-01 14:03 - 00000000 ____D C:\Users\Gail\AppData\Local\VirtualStore
2017-01-28 15:31 - 2013-01-18 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 15:29 - 2012-07-01 15:51 - 00000000 ____D C:\windows\system32\Macromed
2017-01-28 15:29 - 2011-11-21 23:31 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-01-27 22:54 - 2013-03-26 07:05 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6C7BE393-087F-40C8-A413-EE4E449807E9}
2017-01-27 22:17 - 2012-07-01 17:08 - 00000000 ____D C:\Users\Gail\Desktop\My Kindle Content
2017-01-27 22:05 - 2016-11-28 18:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-27 22:05 - 2012-07-01 16:04 - 00000000 ____D C:\ProgramData\MFAData
2017-01-27 19:19 - 2012-07-01 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-27 18:17 - 2012-07-01 17:19 - 00000000 ____D C:\Users\Gail\AppData\Roaming\Skype
2017-01-27 13:42 - 2012-07-02 12:57 - 00000000 ____D C:\Users\Gail\AppData\Roaming\HpUpdate
2017-01-27 10:37 - 2014-01-24 10:05 - 00001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2017-01-27 10:37 - 2014-01-24 10:05 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-01-27 10:30 - 2014-11-21 09:14 - 00000000 ____D C:\ProgramData\AVG2015
2017-01-27 09:19 - 2016-11-28 18:47 - 00000000 ____D C:\Users\Gail\AppData\Local\Avg
2017-01-26 22:59 - 2013-05-29 12:00 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-26 22:59 - 2013-05-29 12:00 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-26 22:47 - 2009-07-13 21:34 - 00453884 ____R C:\windows\system32\Drivers\etc\hosts.20170201-202234.backup
2017-01-26 22:29 - 2009-07-13 22:20 - 00000000 ____D C:\windows\Resources
2017-01-26 22:28 - 2012-07-02 11:12 - 00000000 ____D C:\Users\Gail\AppData\Roaming\Auslogics
2017-01-26 22:28 - 2012-07-01 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-01-26 22:05 - 2012-07-01 17:09 - 00000000 ____D C:\Users\Gail\AppData\Roaming\Malwarebytes
2017-01-26 22:04 - 2012-07-01 17:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-26 20:55 - 2014-12-24 08:55 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-01-26 20:47 - 2012-07-02 12:57 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-26 20:09 - 2009-07-14 00:13 - 00782494 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-26 20:07 - 2012-07-15 16:19 - 00201463 _____ C:\windows\system32\tmp.xml

==================== Files in the root of some directories =======

2013-06-27 07:59 - 2014-06-22 21:08 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-11-12 19:30 - 2012-11-12 19:30 - 0027520 _____ () C:\Users\Gail\AppData\Local\dt.dat
2012-11-03 17:22 - 2012-11-03 17:22 - 0000017 _____ () C:\Users\Gail\AppData\Local\resmon.resmoncfg
2012-07-02 12:57 - 2012-07-02 12:57 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-02-02 00:33 - 2014-09-27 18:24 - 2084888 _____ (AVG Technologies) C:\Users\Gail\AppData\Local\Temp\UNINSTALL.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-01 11:21

==================== End of FRST.txt ============================





#2 AhhhLeah


Posted 02 February 2017 - 10:58 AM

Addition.txt attached.



#3 AhhhLeah


Posted 02 February 2017 - 11:01 AM

Sorry...Addition.txt attached.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Gail (02-02-2017 07:41:16)
Running from C:\Users\Gail\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-01 19:02:17)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4098365070-926832710-3877579155-500 - Administrator - Disabled)
Gail (S-1-5-21-4098365070-926832710-3877579155-1000 - Administrator - Enabled) => C:\Users\Gail
Guest (S-1-5-21-4098365070-926832710-3877579155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4098365070-926832710-3877579155-1002 - Limited - Enabled)
lmiremote (S-1-5-21-4098365070-926832710-3877579155-1004 - Administrator - Enabled) => C:\Users\lmiremote

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.126.2.56387 - AVG Technologies)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
AVG Zen (Version: 1.126.7 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Beyond Compare Version 2.2.3 (HKLM-x32\...\BC2_is1) (Version: - Scooter Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FMW 1 (Version: 1.152.5 - AVG Technologies) Hidden
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® My WiFi Dashboard (HKLM\...\{6FF4DB88-3E54-468C-A0C6-208766A45C52}) (Version: 15.06.0000.0226 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Nexus 11.6 (HKLM-x32\...\Winstep Xtreme_is1) (Version: - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Overlook Fing (HKLM-x32\...\Overlook Fing 1.4) (Version: 1.4 - Overlook)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS5520FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0130.640204 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
winpcap-overlook 4.02 (HKLM-x32\...\winpcap-overlook) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05A36955-89B9-4791-9C1F-3C127D7901EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {11F326EB-5B02-4E2E-BC8F-FF7122E64DD0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {125B81CB-FC34-4845-A050-B926EC476F6C} - System32\Tasks\SafeZone scheduled Autoupdate 1485571635 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {12DADA82-E8B1-449D-8083-EF776882F73F} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-10-19] (Intel® Corporation)
Task: {351DC1E1-C032-4D71-B259-E08B1E2F3F11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-02-01] (AVAST Software)
Task: {378D4AB9-742E-4F1D-AD43-AF50F21D00DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {501DAA20-E0A1-460D-8F90-3A94FC804E06} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {6680BC68-508D-41D2-B755-CF192AD53890} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {7669033B-D15B-4E21-B116-69F0E896ECC3} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {A8F0FD40-CB84-4DBA-BCF9-E107FA6501D1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4098365070-926832710-3877579155-1000
Task: {C2E29816-0906-4A59-BFE0-19FD126E11BF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {E60B8EBF-9F97-430B-BDEC-5CD88E3F77E4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\windows\Tasks\AVG EUpdate Task.job => C:\Program Files (x86)\AVG\Setup\avgsetupx.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\SysWOW64\CN25E140T105ST:NW [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7927 more sites.


There are 7927 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-02-01 20:22 - 00454052 ____R C:\windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com
127.0.0.1 www.007guard.com

There are 15579 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4098365070-926832710-3877579155-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gail\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupfolder: C:^Users^Gail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - .lnk => C:\windows\pss\Monitor Ink Alerts - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^Gail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Nexus => C:\Program Files (x86)\Winstep\Nexus.exe autostart
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C872428A-EEC0-4859-981B-44A990B4821D}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5908E83F-A67E-4D95-B275-37A845D908C0}] => LPort=2869
FirewallRules: [{5450716C-A89B-49DA-A7EB-39BCE09ABC90}] => LPort=1900
FirewallRules: [{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{53C30A38-375B-4EAC-A4FC-7255FEE57685}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5E159DD2-B8F1-43EE-94D2-52010C32A64E}] => C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{04AEB885-5292-4CEE-AFF7-01D6B17162D4}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{167365B9-0D56-41F2-AE0D-C1FE08D749F3}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E1A77415-20FB-4696-9200-FA638AAFD18C}] => C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F0E0E252-D721-481F-81D7-322C2A62BBAC}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{6340CE53-5C9C-4E45-85EB-DADC8BA361B0}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{E51E34DC-86C1-4B75-8773-2C12EDD0737B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{E066235B-981D-4959-B962-DCBA7AB0BA4C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{ABBBC5D8-BFA5-4F13-B60A-F525EF2448CB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{C5C8DFEB-CFEF-401D-8993-588E3DE923A3}] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{C9B9C5A7-CC5F-45E5-941A-CC66491CE777}] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
FirewallRules: [{F05F7C02-8AB6-44D3-A85A-D948CD86E257}] => C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{D504C3A1-7A76-4D04-A0DF-C99B9740F7BA}] => C:\Program Files\Intel\CCDashboard\bin\CCDash.exe
FirewallRules: [{6833804D-67BE-41B2-8A70-A942AE240E5B}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{55B9AE32-1930-4189-A851-B5C4D918E639}] => C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D26FE10A-ADE2-4A17-BCAF-103228A59CA2}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5C30FF63-0BA1-4CDE-B343-0D5543D23938}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3BA2FD42-3122-4CA5-8BC9-2B49453D5678}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D65C8AD-2304-4056-8E23-B05138D88186}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F61A699A-66B9-49AC-916E-6D508CAC6C5B}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{15B818D7-CD0D-464A-A8A1-C207EA6D8681}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-01-2017 09:28:00 Installed AVG 2016
27-01-2017 09:30:16 Installed AVG
27-01-2017 21:28:33 Removed Bonjour
27-01-2017 21:53:53 Removed AVG
27-01-2017 21:57:00 Removed AVG 2016
28-01-2017 15:30:44 Removed Java™ 6 Update 22
28-01-2017 15:32:00 Removed Java™ 6 Update 25
28-01-2017 21:38:47 Installed TOSHIBA Service Station
29-01-2017 10:47:23 Removed Apple Software Update
29-01-2017 12:31:55 Removed Apple Application Support
29-01-2017 12:33:16 Removed Apple Mobile Device Support
29-01-2017 12:34:16 Removed Apple Software Update
29-01-2017 12:36:40 Removed HP Update.
29-01-2017 12:37:28 Removed LogMeIn
01-02-2017 19:18:49 Restore Operation

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2017 06:56:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/02/2017 12:33:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNINSTALL.EXE_AVG Uninstaller, version: 18.1.9.799, time stamp: 0x53f5e100
Faulting module name: UNINSTALL.EXE, version: 18.1.9.799, time stamp: 0x53f5e100
Exception code: 0xc0000005
Fault offset: 0x0011eef1
Faulting process id: 0x440
Faulting application start time: 0x01d27d15e43969e1
Faulting application path: C:\Users\Gail\AppData\Local\Temp\UNINSTALL.EXE
Faulting module path: C:\Users\Gail\AppData\Local\Temp\UNINSTALL.EXE
Report Id: 30c6dc98-e909-11e6-9acb-dc0ea14287ef

Error: (02/02/2017 12:33:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Uninstall.exe_AVG Uninstaller, version: 18.1.9.799, time stamp: 0x53f5e100
Faulting module name: Uninstall.exe, version: 18.1.9.799, time stamp: 0x53f5e100
Exception code: 0xc0000005
Fault offset: 0x0011ae04
Faulting process id: 0x6c8
Faulting application start time: 0x01d27d15e2b30834
Faulting application path: C:\Program Files (x86)\AVG Secure Search\Uninstall.exe
Faulting module path: C:\Program Files (x86)\AVG Secure Search\Uninstall.exe
Report Id: 298a9fe2-e909-11e6-9acb-dc0ea14287ef

Error: (02/02/2017 12:28:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 12:27:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/02/2017 12:04:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/01/2017 11:45:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/01/2017 11:41:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/01/2017 10:26:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/01/2017 10:16:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (02/02/2017 07:39:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:39:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:39:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:37:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:37:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:37:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:32:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:32:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:32:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (02/02/2017 07:32:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2017-02-02 07:40:48.211
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 07:40:47.946
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 07:40:47.603
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 07:40:47.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-01 22:38:52.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-01 22:38:52.139
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-01 21:31:32.645
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-01 21:31:32.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-01 21:12:06.060
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-01 21:12:05.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 4002.69 MB
Available physical RAM: 2673.46 MB
Total Virtual: 8003.57 MB
Available Virtual: 6739.36 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:579.64 GB) (Free:517.14 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of Addition.txt ============================



Edited by Oh My!, 05 February 2017 - 09:17 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,022 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:37 AM

Posted 05 February 2017 - 09:16 AM

Greetings AhhhLeah and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please post in the Ransomware Help & Tech Support Forum that you are receiving help in the Malware Forum so you will be abandoning that Topic.

Please allow me just a bit of time to review what you have posted. I will be posting back later today.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 AhhhLeah


Posted 05 February 2017 - 09:42 AM

Will do. Thank you.

#6 AhhhLeah


Posted 05 February 2017 - 12:44 PM

I notified the Ransomware forum and will wait for further instructions from you. My name is Leah. Thank you for your time Gary.

#7 Oh My!


Posted 05 February 2017 - 02:31 PM

Greetings Leah and thank you again for your continued patience.

I am not aware of any conflict between the 2 Adblock programs. I would suggest letting symptoms or lack of symptoms be your guide.

I would recommend uninstalling AVG and Avast in the manner I am providing and then reinstalling the program of your choice. Personally I am not a big fan of Spybot so I am going to include that program as well but the choice is yours.

Please do this then we will address your startups issue.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click the Revo Uninstaller icon
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
      Avast Free Antivirus
      AVG
      AVG Security Toolbar
      AVG Zen
      Spybot - Search & Destroy
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window check the items in bold only then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Next then Yes
  • On the Found leftover files and folders window click on Select all, click Finish, then click Yes
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
    CloseProcesses:
    SearchScopes: HKU\S-1-5-21-4098365070-926832710-3877579155-1000 -> {2F898CF3-770C-4649-9661-579EBF3B4B36} URL =
    2017-01-26 20:07 - 2012-07-15 16:19 - 00201463 _____ C:\windows\system32\tmp.xml
    AlternateDataStreams: C:\windows\SysWOW64\CN25E140T105ST:NW [0]
    cmd: sfc /scannow
    reboot:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Which programs uninstalled?
  • Fixlog
  • Update on computer behavior

Edited by Oh My!, 05 February 2017 - 05:18 PM.

Gary
 

#8 AhhhLeah


Posted 05 February 2017 - 04:03 PM

I ran into a problem. Powered up using F8 to go into safe mode but it didn't go into safe mode. I did nothing wrong for it to bypass my command. I bleep down as soon as I could. It hung up not wanting to fully shut down. I removed the battery to get it to shut down. Tried F8 again and I chose safe mode with networking. It went to the next screen showing a normal full screen of different Loaded drivers. It's still telling me to Please wait...

#9 AhhhLeah


Posted 05 February 2017 - 04:05 PM

"bleep" should be "shut"

#10 AhhhLeah


Posted 05 February 2017 - 04:13 PM

It just jumped out of safe mode and began powering up in regular mode. I yanked the battery back out. I hope that's not a bad thing Gary. I'm blindly trying to make the best decisions I can. Will wait to hear from you.

#11 Oh My!


Posted 05 February 2017 - 04:54 PM

Do you have a Windows Installation disk? It appears you do not have a Recovery Partition on your computer.

Let me know if you were able to boot somehow.
Gary
 

#12 AhhhLeah


Posted 05 February 2017 - 05:04 PM

I am in safe mode.
And do not have a Windows installation disc.

#13 Oh My!


Posted 05 February 2017 - 05:45 PM

Is your ability to boot into Safe Mode sporadic?

I modified the Fixlist. Please skip the Revo steps for now and attempt to run the Fixlist in Safe Mode.
Gary
 

#14 AhhhLeah


Posted 05 February 2017 - 05:54 PM

Just to clarify, on the last step of the Revo Uninstaller you do not want the Found Leftover Files and Folders deleted? If they are to be deleted we need to hit Select All then hit Delete then Yes then Finish.

#15 Oh My!


Posted 05 February 2017 - 05:56 PM

I thought you might have trouble with Revo but if not, yes delete all the leftover Files/Folders.
Gary
 



