Extreme slowness and inappropriate pop-ups on wife's laptop

8 replies to this topic

#1 Flevokiwi
  • Members
  • 11 posts
  • Gender:Male
  • Location:the Netherlands

Posted 21 August 2017 - 07:10 AM

As per the topic title, my wife's laptop experiences extreme slowness. Not only when surfing the internet, but also when opening applications which are run locally from the hard drive, viewing a video clip, opening pictures from the hard drive, etc. When surfing the internet (no heavy downloads, just reading the news, looking up recipes, etc.), the slowness seems to be irrespective of the browser used. YouTube video clips tend to freeze at random points, accompanied by garbled sound. When on the internet and clicking on a link to go to another page or open up another tab, persistent pop-ups with "adult content" often appear. At times, they can only be killed by using the Task Manager.


I followed the preparation guide by Grinler. The results of both logs are shown below:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Mrina (administrator) on HOME-A (21-08-2017 13:29:46)
Running from C:\Users\Mrina\Desktop
Loaded Profiles: Mrina (Available Profiles: Aleesha & Mrina & Sjoerd)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-08-15] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-10] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\Users\Aleesha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mrina\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-07-05]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.179.104.196 213.46.228.196
Tcpip\..\Interfaces\{05DA18D9-58D0-48AE-97D9-99EA57E4B582}: [DhcpNameServer] 62.179.104.196 213.46.228.196
Tcpip\..\Interfaces\{918C28A3-E947-461B-93FB-8A4336C99466}: [DhcpNameServer] 62.179.104.196 213.46.228.196

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130849905730981863&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130849905731137863&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^nl&si=CIGx-vjUxrkCFXMbtAodVRwAQw&ptb=2EB14B5E-2A0F-47CA-8174-D07E938F17B2&ind=2013111915&n=77fda66b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> DefaultScope {809596DB-05A6-4902-B014-DBA5C5E5F1B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {809596DB-05A6-4902-B014-DBA5C5E5F1B6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-07-15] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-15] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-15] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-02-21] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-07-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-07-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-07-15] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX

FireFox:
========
FF DefaultProfile: e1awqita.default
FF ProfilePath: C:\Users\Mrina\AppData\Roaming\Mozilla\Firefox\Profiles\e1awqita.default [2017-08-21]
FF Extension: (Avast SafePrice) - C:\Users\Mrina\AppData\Roaming\Mozilla\Firefox\Profiles\e1awqita.default\Extensions\sp@avast.com.xpi [2017-08-15]
FF Extension: (Avast Online Security) - C:\Users\Mrina\AppData\Roaming\Mozilla\Firefox\Profiles\e1awqita.default\Extensions\wrc@avast.com.xpi [2017-08-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-03] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npwebplugin -> C:\Windows\system32\npwebplugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-14] (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-09-23] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxp://www.facebook.com/"
CHR Profile: C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default [2017-08-21]
CHR Extension: (Google Docs) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Logitech SetPoint) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-06-22]
CHR Extension: (Adobe Acrobat) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Avast SafePrice) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Chrome async cache plugin) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgjmkkapinpoblnnchkgiafdjmpijamj [2016-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10]
CHR Extension: (EZTV Series & Shows List) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hknldidmnagecjpbpkdoaabdahajeddc [2016-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-08-15] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-08-15] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-14] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [49992 2017-08-10] (Dropbox, Inc.)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-07] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-08-15] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-15] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-08-15] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-08-15] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-08-15] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-08-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146704 2017-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-08-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015880 2017-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-08-15] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-15] (AVAST Software)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-03-02] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-03-02] (Acronis)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-21 13:29 - 2017-08-21 13:31 - 000020082 _____ C:\Users\Mrina\Desktop\FRST.txt
2017-08-21 13:27 - 2017-08-21 13:29 - 000000000 ____D C:\FRST
2017-08-21 13:25 - 2017-08-21 13:25 - 002395648 _____ (Farbar) C:\Users\Mrina\Desktop\FRST64.exe
2017-08-19 22:15 - 2017-08-19 22:15 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-16 11:40 - 2017-08-16 11:41 - 000002294 _____ C:\Windows\SysWOW64\unins000.dat
2017-08-16 11:40 - 2017-08-16 11:40 - 000716789 _____ C:\Windows\SysWOW64\unins000.exe
2017-08-16 11:40 - 2015-10-08 17:24 - 000286720 _____ (www.xjghost.com) C:\Windows\SysWOW64\XHAWebClientPlayBack.ocx
2017-08-16 11:40 - 2015-10-08 17:22 - 000188416 _____ () C:\Windows\SysWOW64\XHAWebClientPlus.ocx
2017-08-16 11:40 - 2015-10-08 17:02 - 000002520 _____ C:\Windows\SysWOW64\langFinnish_XHA.ini
2017-08-16 11:40 - 2015-09-29 18:44 - 000002392 _____ C:\Windows\SysWOW64\langDanish_XHA.ini
2017-08-16 11:40 - 2015-08-20 15:20 - 000002614 _____ C:\Windows\SysWOW64\langTurkish_XHA.ini
2017-08-16 11:40 - 2015-05-07 10:29 - 000002694 _____ C:\Windows\SysWOW64\langPolish_XHA.ini
2017-08-16 11:40 - 2015-03-24 18:15 - 000002792 _____ C:\Windows\SysWOW64\langSwedish_XHA.ini
2017-08-16 11:40 - 2015-03-03 17:27 - 000002001 _____ C:\Windows\SysWOW64\langRussia_XHA.ini
2017-08-16 11:40 - 2015-03-03 16:24 - 000001057 _____ C:\Windows\SysWOW64\langChn_XHA.ini
2017-08-16 11:40 - 2015-03-03 14:16 - 000000426 _____ C:\Windows\SysWOW64\langFrench_XHA.ini
2017-08-16 11:40 - 2014-12-17 16:02 - 000000310 _____ C:\Windows\SysWOW64\langKorean_XHA.ini
2017-08-16 11:40 - 2014-12-17 11:17 - 000000204 _____ C:\Windows\SysWOW64\langDutch_XHA.ini
2017-08-16 11:40 - 2014-12-17 11:13 - 000000205 _____ C:\Windows\SysWOW64\langJapanese_XHA.ini
2017-08-16 11:40 - 2014-12-09 14:00 - 000000478 _____ C:\Windows\SysWOW64\langSpanlish_XHA.ini
2017-08-16 11:40 - 2014-12-09 13:59 - 000000446 _____ C:\Windows\SysWOW64\langPortuguese_XHA.ini
2017-08-16 11:40 - 2014-12-09 13:58 - 000000462 _____ C:\Windows\SysWOW64\langGerman_XHA.ini
2017-08-16 11:40 - 2014-12-09 13:58 - 000000456 _____ C:\Windows\SysWOW64\langItalian_XHA.ini
2017-08-16 11:40 - 2014-12-03 11:06 - 000209920 _____ C:\Windows\SysWOW64\npwebplugin.dll
2017-08-16 11:40 - 2014-11-29 15:05 - 000065536 _____ () C:\Windows\SysWOW64\hiPBClient.dll
2017-08-16 11:40 - 2014-11-29 13:42 - 000057344 _____ (微软中国) C:\Windows\SysWOW64\XHASearchLib.dll
2017-08-16 11:40 - 2014-11-29 13:41 - 000053248 _____ () C:\Windows\SysWOW64\XHASDK.dll
2017-08-16 11:40 - 2014-11-29 11:57 - 000389120 _____ () C:\Windows\SysWOW64\XHAPlayer.dll
2017-08-16 11:40 - 2014-11-29 11:55 - 000217088 _____ () C:\Windows\SysWOW64\XHANetLib.dll
2017-08-16 11:40 - 2013-01-06 13:59 - 000315392 _____ () C:\Windows\SysWOW64\XHAPlayer.exe
2017-08-16 11:40 - 2012-09-25 21:39 - 002555406 _____ C:\Windows\SysWOW64\avcodec-54.dll
2017-08-16 11:40 - 2012-09-25 21:39 - 000157198 _____ C:\Windows\SysWOW64\avutil-51.dll
2017-08-16 11:40 - 2010-08-23 20:07 - 000562220 _____ C:\Windows\SysWOW64\AlarmSound.wav
2017-08-15 21:09 - 2017-08-18 10:08 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-08-15 21:09 - 2017-08-15 21:03 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-08-15 21:09 - 2017-08-15 21:03 - 000320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-08-15 21:09 - 2017-08-15 21:03 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-08-15 21:09 - 2017-08-15 21:03 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-08-15 21:08 - 2017-08-15 21:07 - 000400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-10 23:24 - 2017-08-10 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-10 19:03 - 2017-08-10 19:03 - 000049992 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-08-10 19:03 - 2017-08-10 19:03 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-08-10 19:03 - 2017-08-10 19:03 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-07-27 00:13 - 2017-07-27 00:13 - 000277472 _____ C:\Windows\Minidump\072717-22292-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-21 13:31 - 2015-08-10 22:26 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1528322305-4087468735-4108138618-1001UA.job
2017-08-21 13:30 - 2009-07-14 06:45 - 000021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-21 13:30 - 2009-07-14 06:45 - 000021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-21 13:14 - 2017-05-29 05:58 - 000000000 ____D C:\Users\Mrina\AppData\LocalLow\Mozilla
2017-08-21 13:14 - 2013-11-20 23:57 - 000000000 ____D C:\Users\Mrina\AppData\Roaming\uTorrent
2017-08-21 13:13 - 2016-04-06 08:47 - 000000000 ____D C:\Users\Mrina\AppData\LocalLow\uTorrent
2017-08-21 13:12 - 2016-12-14 18:01 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-21 11:46 - 2013-04-02 23:21 - 000000000 ____D C:\Users\Mrina\AppData\Local\Adobe
2017-08-20 23:58 - 2014-11-04 01:11 - 000000000 ____D C:\Users\Mrina\AppData\Roaming\vlc
2017-08-20 22:30 - 2015-08-10 22:25 - 000000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1528322305-4087468735-4108138618-1001Core.job
2017-08-20 22:16 - 2016-07-14 23:21 - 000003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468531262
2017-08-20 17:12 - 2016-12-14 18:01 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-19 22:18 - 2013-03-02 14:07 - 000000000 ____D C:\temp
2017-08-19 22:10 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-19 22:09 - 2017-03-20 18:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-19 22:09 - 2015-05-10 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-19 22:09 - 2009-07-14 07:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2017-08-18 10:29 - 2013-06-22 23:32 - 000002494 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-18 10:29 - 2013-06-22 23:32 - 000002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-15 21:10 - 2013-03-02 14:23 - 001015880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2017-08-15 21:10 - 2013-03-02 14:23 - 000146704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-08-15 21:10 - 2013-03-02 14:23 - 000146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150282423960407
2017-08-15 21:07 - 2014-04-26 23:46 - 000198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-08-15 21:07 - 2014-04-26 23:46 - 000046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-15 21:07 - 2013-03-02 14:23 - 000585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-08-15 21:07 - 2013-03-02 14:23 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-08-15 21:07 - 2013-03-02 14:23 - 000146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150282421832403
2017-08-15 21:07 - 2013-03-02 14:23 - 000110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-08-15 21:07 - 2013-03-02 14:23 - 000084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-08-15 21:07 - 2013-03-02 14:22 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-15 21:04 - 2016-07-11 21:31 - 000041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-08-15 21:04 - 2013-03-02 14:23 - 001015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.150282423960407
2017-08-15 12:12 - 2013-09-24 15:02 - 000000000 ____D C:\Users\Mrina\AppData\Roaming\Skype
2017-08-13 19:02 - 2016-08-29 12:53 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-10 23:24 - 2016-12-14 18:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-09 19:36 - 2015-04-02 22:19 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-09 16:56 - 2015-08-25 13:21 - 000168448 ___SH C:\Users\Mrina\Thumbs.db
2017-08-08 17:50 - 2015-03-04 22:45 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-08-08 17:50 - 2013-03-02 14:25 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-08-08 17:50 - 2013-03-02 14:25 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-08 17:50 - 2013-03-02 14:25 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-08 17:50 - 2013-03-02 14:25 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-03 18:35 - 2013-09-24 15:01 - 000000000 ____D C:\ProgramData\Skype
2017-07-27 00:13 - 2014-12-12 18:06 - 000000000 ____D C:\Windows\Minidump

Some files in TEMP:
====================
2013-03-02 16:17 - 2013-03-02 16:17 - 000609592 _____ () C:\Users\Aleesha\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
2013-01-29 00:20 - 2013-01-29 00:20 - 000248008 _____ (Ask.com) C:\Users\Aleesha\AppData\Local\Temp\AskSLib.dll
2013-03-02 16:12 - 2013-03-02 16:12 - 000009728 _____ () C:\Users\Aleesha\AppData\Local\Temp\bassmod.dll
2016-07-14 23:21 - 2016-07-14 23:21 - 000071168 _____ () C:\Users\Aleesha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplghenr.dll
2014-04-16 15:15 - 2014-04-16 15:15 - 001071360 _____ (Solid State Networks) C:\Users\Aleesha\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe
2013-03-03 18:54 - 2013-02-08 20:39 - 000101616 _____ () C:\Users\Aleesha\AppData\Local\Temp\LMkRstPt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-21 12:30

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Mrina (21-08-2017 13:32:42)
Running from C:\Users\Mrina\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-03-02 11:54:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1528322305-4087468735-4108138618-500 - Administrator - Disabled)
Aleesha (S-1-5-21-1528322305-4087468735-4108138618-1001 - Administrator - Enabled) => C:\Users\Aleesha
Guest (S-1-5-21-1528322305-4087468735-4108138618-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1528322305-4087468735-4108138618-1045 - Limited - Enabled)
Mrina (S-1-5-21-1528322305-4087468735-4108138618-1004 - Administrator - Enabled) => C:\Users\Mrina
Sjoerd (S-1-5-21-1528322305-4087468735-4108138618-1005 - Administrator - Enabled) => C:\Users\Sjoerd

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0.0.225 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.244.0 - AVAST Software)
Brother HL-5340D (HKLM-x32\...\{E5A5859A-1777-48AC-9728-DB3AE00B4761}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChrisPC Free Anonymous Proxy 6.20 (HKLM-x32\...\{6006089C-84B5-4F18-8113-D96792AED0DE}_is1) (Version:  - Chris P.C. srl)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 32.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
eReg (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
IPCamera V1.0.1.2 (HKLM-x32\...\IPCamera_is1) (Version:  - PCamera)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Java SE Development Kit 8 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
K-Lite Mega Codec Pack 12.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{90120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Photo! Editor 1.1 (HKLM-x32\...\PhotoToolkit_is1) (Version:  - )
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.275 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
True Image 2013 (HKLM-x32\...\{ADAEEC53-24AF-4A49-B872-75FCBDA59916}) (Version: 16.0.5551 - Acronis) Hidden
True Image 2013 (HKLM-x32\...\{ADAEEC53-24AF-4A49-B872-75FCBDA59916}Visible) (Version: 16.0.5551 - Acronis)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.69.1001 - Chicony Electronics Co.,Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.8 - )
web control version 1.0.0.9 (HKLM-x32\...\{7DEBACD4-13DE-46DF-974F-F3F264D1E897}_is1) (Version: 1.0.0.9 - )
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-15] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-15] (AVAST Software)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2012-08-23] (Acronis)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-15] (AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2012-08-23] (Acronis)
ContextMenuHandlers2-x32: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} => C:\Program Files (x86)\Photo!\Photo! Editor\IvBar\ivbshlext.dll [2008-09-02] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-15] (AVAST Software)
ContextMenuHandlers3-x32: [IVBShlExt] -> {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} => C:\Program Files (x86)\Photo!\Photo! Editor\IvBar\ivbshlext.dll [2008-09-02] ()
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-10] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-02] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-15] (AVAST Software)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2012-08-23] (Acronis)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3A8609-72B7-4E6C-918B-76C59CA7E83C} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-07-15] (AVAST Software)
Task: {0E3524A5-86BD-4A0B-AE04-0C58F9C38DBD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-14] (Dropbox, Inc.)
Task: {117A23D1-A797-4117-A0C2-C951432CDF2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1F91B13F-080A-4935-A099-1506AABBBE91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {21478285-B176-4014-8FD1-CD534ED54AFF} - System32\Tasks\{65115C98-2E7A-4797-AFDD-514461D09D59} => C:\Windows\system32\pcalua.exe -a G:\tinotefoliocreator.exe -d G:\
Task: {279B39B7-E955-4B18-B8AC-97390AB33B2C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-15] (AVAST Software)
Task: {35B9A214-A926-4E1A-A7BB-2B3099728F1A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1528322305-4087468735-4108138618-1001Core => C:\Users\Aleesha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-10] (Dropbox, Inc.)
Task: {4A0C1D48-6E43-4B59-B150-307532748D3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {7248DE3F-CA16-401D-A738-46806BBCDB49} - System32\Tasks\AdobeAAMUpdater-1.0-HOME-A-Mrina => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {883F0031-C8CF-4C06-B9D8-409C4F6D53F2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {91B6B30F-FE46-4AF5-AAF6-D05A54F00EFC} - System32\Tasks\SafeZone scheduled Autoupdate 1468531262 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {995639E6-3B65-467C-A8FE-2AAEC49ADD1F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {A0BF8B99-D20C-4FC8-B9F5-45CB6AA484E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A6B0D373-47C5-4300-8207-78B23D4F81BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BAC07AFA-F603-448A-A78F-B2C7E30A4104} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1528322305-4087468735-4108138618-1001UA => C:\Users\Aleesha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-10] (Dropbox, Inc.)
Task: {D8B07D65-F708-4B1F-8AD6-6AD110FAF138} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-14] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1528322305-4087468735-4108138618-1001Core.job => C:\Users\Aleesha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1528322305-4087468735-4108138618-1001UA.job => C:\Users\Aleesha\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Mrina\Desktop\EZTV Series & Shows List.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hknldidmnagecjpbpkdoaabdahajeddc
ShortcutWithArgument: C:\Users\Mrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\EZTV Series & Shows List.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hknldidmnagecjpbpkdoaabdahajeddc
ShortcutWithArgument: C:\Users\Mrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\Users\Mrina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->

==================== Loaded Modules (Whitelisted) ==============

2016-10-25 10:57 - 2016-10-25 10:57 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-08-15 21:04 - 2017-08-15 21:04 - 000162032 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000831664 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000276808 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-08-18 10:29 - 2017-08-11 09:40 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\swiftshader\libglesv2.dll
2017-08-18 10:29 - 2017-08-11 09:40 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\swiftshader\libegl.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-19 12:43 - 2017-08-19 12:43 - 005895544 _____ () C:\Program Files\AVAST Software\Avast\defs\17081900\algo.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-15 21:05 - 2017-08-15 21:05 - 000231664 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-08-20 17:42 - 2017-08-20 17:42 - 005895544 _____ () C:\Program Files\AVAST Software\Avast\defs\17082000\algo.dll
2017-08-21 11:47 - 2017-08-21 11:47 - 005895544 _____ () C:\Program Files\AVAST Software\Avast\defs\17082104\algo.dll
2012-08-23 01:42 - 2012-08-23 01:42 - 000435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2017-08-15 21:06 - 2017-08-15 21:06 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-08-15 21:06 - 2017-08-15 21:06 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-15 21:03 - 2017-08-15 21:03 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-10 23:23 - 2017-08-10 19:03 - 000753472 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-08-10 23:23 - 2017-08-10 19:03 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-08-10 23:24 - 2017-08-10 19:03 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-08-10 23:23 - 2017-08-10 19:06 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-08-10 23:23 - 2017-08-10 19:03 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-08-10 23:23 - 2017-08-10 19:06 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-10 23:23 - 2017-08-10 19:06 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-10 23:23 - 2017-08-10 19:06 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-10 23:24 - 2017-08-10 19:03 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-10 23:23 - 2017-08-10 19:03 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-08-10 23:23 - 2017-08-10 19:05 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-10 23:24 - 2017-08-10 19:07 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-08-10 23:23 - 2017-08-10 19:05 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-08-10 23:24 - 2017-08-10 19:07 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-10 23:24 - 2017-08-10 19:07 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-10 23:23 - 2017-08-10 19:05 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-07-15 00:28 - 2016-07-15 00:28 - 038907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.179.104.196 - 213.46.228.196
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: nmapp => "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
MSCONFIG\startupreg: nmctxth => "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: Search Protection => "C:\Users\Mrina\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05AE75E9-94CA-4F77-B533-0E108627F21F}] => (Allow) C:\Users\Aleesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E255E46-F6C6-4D55-88A2-7B411D00EE99}] => (Allow) C:\Users\Aleesha\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C905BCF6-FD46-4DD2-A6FC-1E4CE1E09207}C:\users\mrina\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mrina\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5E67E47E-95E8-4A19-ADA0-ED6BCE5E5006}C:\users\mrina\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mrina\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{9730E73C-0C92-46B1-902C-CB861D5EC69C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8742AECD-545B-484D-9995-D92303838F80}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{F6A1BD81-9235-4ABF-BA97-854FDD0D3827}C:\users\mrina\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mrina\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A0381696-7BD1-4F2C-BD01-AC568629EE65}C:\users\mrina\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\mrina\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ADA52D21-E884-412B-AC36-B9EE954FFB36}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5D2219A1-2670-42B0-91E3-2C87DDC82921}C:\users\mrina\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\mrina\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2512F94A-0546-42BF-9624-2B65C71FF200}C:\users\mrina\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\mrina\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{A58A0A88-BD98-4FAE-8B32-963797F730E1}C:\program files\avms\client\jsurclient.exe] => (Allow) C:\program files\avms\client\jsurclient.exe
FirewallRules: [UDP Query User{51F08835-C9B6-4379-A6AF-F8DA47EA1985}C:\program files\avms\client\jsurclient.exe] => (Allow) C:\program files\avms\client\jsurclient.exe
FirewallRules: [TCP Query User{9DFB5F13-9006-472C-97BD-E2AC18F3C07F}C:\users\aleesha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aleesha\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A13D4A8D-29AE-45F6-96B8-A4B0ED4B0F93}C:\users\aleesha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\aleesha\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0AAE3423-4B31-4AFB-AD49-37D77A3C90E5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{2B5B4BCE-4CE0-4018-A297-79197DFF95DB}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{155336A8-5794-4BCF-ACDB-6BB83652AE36}C:\program files\java\jdk1.7.0_75\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\java.exe
FirewallRules: [UDP Query User{955BA90F-88D8-416A-9920-914D5EDDC100}C:\program files\java\jdk1.7.0_75\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\java.exe
FirewallRules: [TCP Query User{6A09CF8D-18A5-408D-97F4-86D09B308667}C:\program files\android\android studio1\bin\studio64.exe] => (Allow) C:\program files\android\android studio1\bin\studio64.exe
FirewallRules: [UDP Query User{23509F2F-67D8-4C3E-9A40-2B4729BC9C4F}C:\program files\android\android studio1\bin\studio64.exe] => (Allow) C:\program files\android\android studio1\bin\studio64.exe
FirewallRules: [TCP Query User{91B5BA7B-EA8E-40E8-B0A3-5E1386B9B1A8}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{BC0DED8D-61F6-4C25-9FDF-392E15FD02F4}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{1D1D2DA5-B37C-4A54-B96D-F9C7844EA7FF}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F70A6697-4EE3-4ACF-8A49-A6BA84F0D392}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5E7A3FF0-0DDE-4EE4-A589-3B20FA90960E}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{BE3A3E3C-A9B7-4C03-B6AF-853ED971F323}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{AA227351-45A1-4C48-95E5-86C172154527}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{65F9A88E-CC75-4430-A424-F90932B6D4C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56AE4C2F-8726-4DC4-9F43-F9F6689E540D}] => (Allow) C:\Program Files\JSurveillance\Application\AVCapture.exe
FirewallRules: [{EB756C5E-7400-4C88-B700-02904F7B4A3A}] => (Allow) C:\Program Files\JSurveillance\Application\AVCapture.exe
FirewallRules: [TCP Query User{3689F488-638D-4A36-B58A-05F0D5CBFF59}C:\program files\jsurveillance\application\devicesearch.exe] => (Block) C:\program files\jsurveillance\application\devicesearch.exe
FirewallRules: [UDP Query User{51629D72-E030-4B50-9525-6908CF5C209C}C:\program files\jsurveillance\application\devicesearch.exe] => (Block) C:\program files\jsurveillance\application\devicesearch.exe
FirewallRules: [{2A488A01-3B49-4851-BA68-219BE172C87E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0A34A05-E681-4BE9-BE94-E1E5AB6D2F88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{93EA6BC1-AEA8-403D-A8DF-35EDCC5BC80B}C:\users\mrina\appdata\roaming\utorrent\updates\3.4.9_43388.exe] => (Allow) C:\users\mrina\appdata\roaming\utorrent\updates\3.4.9_43388.exe
FirewallRules: [UDP Query User{1E97C50B-EA44-4E51-9484-1374FE8122C7}C:\users\mrina\appdata\roaming\utorrent\updates\3.4.9_43388.exe] => (Allow) C:\users\mrina\appdata\roaming\utorrent\updates\3.4.9_43388.exe
FirewallRules: [{022EFD63-AA9C-4D60-AF86-D0469BE6AFBF}] => (Allow) C:\Users\Sjoerd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E0C726CC-2F44-4A5C-AF30-3037B3261401}] => (Allow) C:\Users\Sjoerd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5A19AA3-3B3F-4302-BA09-9311C574386F}] => (Allow) C:\Users\Sjoerd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D817D7F6-15B9-4770-BE64-3CC2F9D38F3A}] => (Allow) C:\Users\Sjoerd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{17DCA0D7-0D48-4FB0-8273-710BB420D311}] => (Allow) C:\Users\Sjoerd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F4803B2-29F9-41BC-AB88-56FC294D108E}] => (Allow) C:\Users\Sjoerd\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97C0E309-B13E-437C-998E-3B463323F787}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CED5C4C3-652F-46D4-8E63-1535DE6B7A5E}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C941C8C3-1239-4627-980A-CC86F4307145}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34830F75-845E-465F-B64A-313014FF7ABB}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{21123053-7EC2-4B0D-9DE1-BBC9632BACA6}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78DF7313-8FA4-4D50-9ED8-A262A2701E60}] => (Allow) C:\Users\Mrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3AADF37-50CF-41D5-968C-D4419262FFBB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7C6C889B-25C6-448F-848A-FBC2E0888458}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CD515C92-DF05-47B3-AD87-3E3357F1BF75}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
FirewallRules: [{B59FB687-733F-48AD-8606-B46DD59E51FF}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe

==================== Restore Points =========================

21-08-2017 12:37:36 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2017 10:11:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/19/2017 01:53:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.2.0.574, time stamp: 0x591d50a6
Faulting module name: AGSService.exe, version: 4.2.0.574, time stamp: 0x591d50a6
Exception code: 0xc0000005
Fault offset: 0x000a95ea
Faulting process id: 0x7f8
Faulting application start time: 0x01d30ed4fe864e22
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Report Id: 0f71ebf4-84d5-11e7-998f-00262d5e563a

Error: (08/19/2017 11:36:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a6a1d1
Exception code: 0xc0000005
Fault offset: 0x000000000004ad22
Faulting process id: 0x8d4
Faulting application start time: 0x01d30ed50d883b1c
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: dad9455d-84c1-11e7-998f-00262d5e563a

Error: (08/06/2017 06:58:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/27/2017 12:14:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/18/2017 10:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/18/2017 10:24:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/17/2017 04:58:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/16/2017 12:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (08/20/2017 10:28:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (08/20/2017 12:10:49 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/20/2017 09:40:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (08/19/2017 10:10:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:07:11 on 19-08-2017 was unexpected.

Error: (08/19/2017 01:53:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/19/2017 11:36:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/19/2017 04:40:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error: (08/19/2017 04:40:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/18/2017 10:13:21 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.103.
The computer with the IP address 192.168.1.102 did not allow the name to be claimed by
this computer.

Error: (08/16/2017 01:41:07 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


CodeIntegrity:
===================================
  Date: 2016-09-20 14:33:58.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-20 14:33:58.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 00:55:12.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-08 00:55:12.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 22:08:38.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 22:08:38.498
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 22:08:38.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 12:48:07.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 12:48:07.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-14 17:33:37.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 69%
Total physical RAM: 4024.93 MB
Available physical RAM: 1227.16 MB
Total Virtual: 8048.04 MB
Available Virtual: 5565.23 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:100 GB) (Free:18.66 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Win 8) (Fixed) (Total:100 GB) (Free:83.23 GB) NTFS
Drive e: (Spare) (Fixed) (Total:265.76 GB) (Free:168.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3CDA3CD9)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


#2 Flevokiwi
  • Topic Starter
  • Members
  • 11 posts
  • Gender:Male
  • Location:the Netherlands

Posted 21 August 2017 - 07:29 AM

I made two attempts to post the above information and both times, after a minute or so, I got the message that it had timed out. I then went to my own desktop PC to post the requested information, but I see that at least one attempt had apparently already succeeded. It is just another example of the slowness experienced on the laptop.

Additional info: The AV software used is Avast Free version (fully updated). So far, it has not given any warnings about malware on the laptop.


Edited by Flevokiwi, 21 August 2017 - 07:31 AM.


#3 nasdaq
  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 August 2017 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click OK.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^nl&si=CIGx-vjUxrkCFXMbtAodVRwAQw&ptb=2EB14B5E-2A0F-47CA-8174-D07E938F17B2&ind=2013111915&n=77fda66b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/npwebplugin -> C:\Windows\system32\npwebplugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Step 1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Java SE Development Kit 8 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
<<<>>>

Please post the logs and let me know what problem persists with this computer.
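
The fixlist above is mostly IE "Main" values, SearchScopes entries and a StartMenuInternet command that all point at the same hijacker URL, spread over HKLM, the Wow6432Node view and one user's HKU hive. As an added example (my code, not FRST's and not part of nasdaq's instructions), here is a small Python triage script that parses lines in that FRST format, flags any host that is not on an allowlist of search providers, and groups the hits by registry scope so you can tell a machine-wide hijack from a per-profile one. The sample lines are copied from the fixlist above; the allowlist, the reading of the ts= parameter as a Unix install timestamp, and the reading of uid= as a disk-derived tracking id are my assumptions.

```python
"""Triage helper for browser-hijack entries in an FRST log.

Added example, not part of FRST or of the forum post. It reads the kind of
lines nasdaq put in the fixlist (IE "Main" values, SearchScopes,
StartMenuInternet, and lines FRST marked "<==== ATTENTION"), extracts the
host each entry points at, flags hosts outside an allowlist, and groups the
hits by registry scope so machine-wide and per-user hijacks can be told apart.
"""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Assumption: only these search providers are expected on this machine;
# anything else wired into IE's home or search settings deserves a look.
KNOWN_GOOD_HOSTS = {"www.bing.com", "www.google.com"}

URL_RE = re.compile(r"hxxps?://\S+|https?://\S+")      # FRST defangs http as hxxp
SID_RE = re.compile(r"HKU\\(S-1-5-21-\d+-\d+-\d+-\d+)")
IE_MAIN_RE = re.compile(r"Internet Explorer\\Main,([^=]+?)\s*=")

# Sample input: lines copied from the FRST fixlist posted above.
SAMPLE_LINES = [
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}",
    r"HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX",
    r"SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1",
    r"SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^nl&si=CIGx-vjUxrkCFXMbtAodVRwAQw&ptb=2EB14B5E-2A0F-47CA-8174-D07E938F17B2&ind=2013111915&n=77fda66b&psa=&st=sb&searchfor={searchTerms}",
    r"SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =",
    r"StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
]


def scope_of(line):
    """HKLM (all users), HKLM-x32 (the WOW64 view of HKLM) or one user's hive."""
    sid = SID_RE.search(line)
    if sid:
        return "HKU " + sid.group(1)
    if "HKLM-x32" in line or "Wow6432Node" in line:
        return "HKLM-x32"
    return "HKLM"


def kind_of(line):
    """Which browser setting the line controls."""
    if line.startswith("SearchScopes:"):
        return "SearchScopes"
    if line.startswith("StartMenuInternet:"):
        return "StartMenuInternet"
    m = IE_MAIN_RE.search(line)
    return m.group(1) if m else "other"


def parse_line(line):
    """Return a finding for one FRST line, or None if nothing is worth noting."""
    finding = {"kind": kind_of(line), "scope": scope_of(line), "host": None,
               "suspicious": False, "installed": None, "tracking_uid": None}
    if "<==== ATTENTION" in line:                 # FRST itself flagged the entry
        finding.update(kind="flagged by FRST", suspicious=True)
        return finding
    m = URL_RE.search(line)
    if not m:
        return None                               # e.g. a SearchScope with an empty URL
    parts = urlsplit(re.sub(r"^hxxp", "http", m.group(0)))
    query = parse_qs(parts.query)
    finding["host"] = parts.hostname
    finding["suspicious"] = parts.hostname not in KNOWN_GOOD_HOSTS
    # Assumption: the hijacker's ts= parameter is a Unix timestamp written at
    # install time, which gives a rough infection date.
    ts = query.get("ts", [""])[0]
    if ts.isdigit():
        finding["installed"] = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    # Assumption: uid= is a tracking id derived from the disk model and serial;
    # it is identical in every entry of one infection.
    finding["tracking_uid"] = query.get("uid", [None])[0]
    return finding


def triage(lines):
    """Parse every line and keep only the ones that carry a finding."""
    return [f for f in map(parse_line, lines) if f is not None]


def summarize(findings):
    """Map each suspicious host to the set of registry scopes it was written into."""
    by_host = {}
    for f in findings:
        if f["suspicious"] and f["host"]:
            by_host.setdefault(f["host"], set()).add(f["scope"])
    return by_host


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        flag = "!!" if f["suspicious"] else "ok"
        print(f"{flag} {f['scope']:<52} {f['kind']:<18} {f['host']}  installed={f['installed']}")
    for host, scopes in summarize(found).items():
        print(f"{host}: written into {', '.join(sorted(scopes))}")
```

Run as a script it prints one line per entry; on the sample, oursurfing.com shows up both in HKLM and in the -1004 hive, which is why a fix has to touch the HKLM, Wow6432Node and HKU locations together. The allowlist check only catches the kind of hijack seen in this thread (a foreign host); an entry that points at a legitimate engine but carries affiliate or tracking parameters would need the query string inspected as well.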

#4 Flevokiwi

  • Topic Starter

Posted 21 August 2017 - 12:43 PM

Thank you, nasdaq, for your quick response. I followed the instructions in sequence, step by step. I observed a small error in your instructions for MBAM. You say to click the Scan tab on the right detail pane. In the version I downloaded today (v3.1.2.1733), the Scan tab is on the left side.

 

The responsiveness of the laptop has increased significantly! I usually work on my own desktop PC, so would not know the usual speed of the laptop. I will let my wife use it again and ask for her experience. Please find the requested logs below:

 

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by Mrina (21-08-2017 17:51:39) Run:1
Running from C:\Users\Mrina\Desktop
Loaded Profiles: Mrina (Available Profiles: Aleesha & Mrina & Sjoerd)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm255^YYA^nl&si=CIGx-vjUxrkCFXMbtAodVRwAQw&ptb=2EB14B5E-2A0F-47CA-8174-D07E938F17B2&ind=2013111915&n=77fda66b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1528322305-4087468735-4108138618-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1439461978&z=8607f31a1fb24592ccb0d57g9z5c3t2z6q8getdm1m&from=smt&uid=HitachiXHTS545050B9A300_091017PBG406Q7CBN9HVX
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @google.com/npwebplugin -> C:\Windows\system32\npwebplugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast SafePrice) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01]
CHR Extension: (Avast Online Security) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} => key not found. 
HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key removed successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npwebplugin => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
CHR Extension: (Avast SafePrice) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-06-01] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-10] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Mrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78331710 B
Java, Flash, Steam htmlcache => 740 B
Windows/system/drivers => 174565183 B
Edge => 0 B
Chrome => 502809925 B
Firefox => 82921396 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42371414 B
systemprofile32 => 67148 B
LocalService => 66356 B
NetworkService => 66228 B
Aleesha => 542584554 B
Mrina => 280658970 B
Sjoerd => 139837961 B
 
RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:55:49 ====

 

 

MBAM log:

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 8/21/17
Scan Time: 6:23 PM
Log File: MBAM log.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2630
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HOME-A\Mrina
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399655
Threats Detected: 21
Threats Quarantined: 21
Time Elapsed: 19 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 8
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1005\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240671],1.0.2630
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1005\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240533],1.0.2630
PUP.Optional.ASK, HKU\S-1-5-21-1528322305-4087468735-4108138618-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}, Delete-on-Reboot, [510], [245523],1.0.2630
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1001\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240533],1.0.2630
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Delete-on-Reboot, [14240], [245008],1.0.2630
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240671],1.0.2630
PUP.Optional.MyEmoticons, HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Delete-on-Reboot, [6527], [241021],1.0.2630
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240533],1.0.2630
 
Registry Value: 2
PUP.Optional.ASK, HKU\S-1-5-21-1528322305-4087468735-4108138618-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}|DISPLAYNAME, Delete-on-Reboot, [510], [245523],1.0.2630
PUP.Optional.ASK, HKU\S-1-5-21-1528322305-4087468735-4108138618-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}|URL, Delete-on-Reboot, [510], [245522],1.0.2630
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
PUP.Optional.ProtectWindowsManager, C:\ProgramData\iWinManProi\update, Delete-on-Reboot, [11857], [180703],1.0.2630
PUP.Optional.ProtectWindowsManager, C:\PROGRAMDATA\iWinManProi, Delete-on-Reboot, [11857], [180703],1.0.2630
PUP.Optional.OpenCandy, C:\Users\Mrina\AppData\Roaming\OpenCandy\OpenCandy_1FC89775F060429E9937584B479BF4C5, Delete-on-Reboot, [509], [173202],1.0.2630
PUP.Optional.OpenCandy, C:\USERS\MRINA\APPDATA\ROAMING\OpenCandy, Delete-on-Reboot, [509], [173202],1.0.2630
 
File: 7
PUP.Optional.ProtectWindowsManager, C:\ProgramData\iWinManProi\updateconf, Delete-on-Reboot, [11857], [180703],1.0.2630
PUP.Optional.OpenCandy, C:\Users\Mrina\AppData\Roaming\OpenCandy\OpenCandy_1FC89775F060429E9937584B479BF4C5\WWE_1.2.0.53.exe, Delete-on-Reboot, [509], [173202],1.0.2630
PUP.Optional.Spigot, C:\USERS\MRINA\APPDATA\ROAMING\SEARCH PROTECTION\SP.EXE, Delete-on-Reboot, [627], [300859],1.0.2630
PUP.Optional.MindSpark, C:\USERS\SJOERD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_pconverter.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [257], [240306],1.0.2630
PUP.Optional.MindSpark, C:\USERS\SJOERD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_pconverter.dl.tb.ask.com_0.localstorage-journal, Delete-on-Reboot, [257], [240306],1.0.2630
PUP.Optional.MindSpark, C:\USERS\SJOERD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_pconverter.dl.myway.com_0.localstorage, Delete-on-Reboot, [257], [240305],1.0.2630
PUP.Optional.MindSpark, C:\USERS\SJOERD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_pconverter.dl.myway.com_0.localstorage-journal, Delete-on-Reboot, [257], [240305],1.0.2630
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
AdwClean log after 1st scan:
# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 21 17:08:51 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Adware.Heuristic, syncagentsrv
 
 
***** [ Folders ] *****
 
Trojan.Agent, C:\Users\Sjoerd\AppData\LocalLow\iac
PUP.Optional.SearchProtect, C:\Users\Mrina\AppData\Roaming\Search Protection
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\UpdateStar
PUP.Optional.Legacy, [Key] - HKCU\Software\UpdateStar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
PUP.Optional.MindSpark.A, [Key] - HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
PUP.Optional.MindSpark.A, [Key] - HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
PUP.Optional.OurSurfing.ShrtCln, [Key] - HKLM\SOFTWARE\oursurfingSoftware
PUP.Optional.WPM, [Key] - HKLM\SOFTWARE\supWindowsMangerProtect
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
AdwClean log after cleaning and reboot:
# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 21 17:11:55 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: syncagentsrv
 
 
***** [ Folders ] *****
 
Deleted: C:\Users\Sjoerd\AppData\LocalLow\iac
Deleted: C:\Users\Mrina\AppData\Roaming\Search Protection
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\Software\UpdateStar
Deleted: [Key] - HKCU\Software\UpdateStar
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9103C314-C4E2-4463-8934-B19BCB46236D}
Deleted: [Key] - HKLM\SOFTWARE\oursurfingSoftware
Deleted: [Key] - HKLM\SOFTWARE\supWindowsMangerProtect
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [2218 B] - [2017/8/21 17:8:51]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
AdwClean log after second scan:
# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 21 17:20:29 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2198 B] - [2017/8/21 17:11:55]
C:/AdwCleaner/AdwCleaner[S0].txt - [2218 B] - [2017/8/21 17:8:51]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
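
The MBAM log above reports MindSpark keys under three different user hives (RIDs 1001, 1004 and 1005), while the FRST fixlist only addressed the -1004 hive of the profile that was logged in (FRST lists "Loaded Profiles: Mrina"). The added example below (my code, not Malwarebytes' and not from the poster) parses the "-Scan Details-" section of an MBAM 3 log, attributes every detection to a machine-wide location, a user registry hive or a user profile folder, and cross-checks each section's header count against the detail lines actually present. The embedded sample is a constructed excerpt of the log above with the section counts adjusted to the lines kept; the scope labels are my own.

```python
"""Scope a Malwarebytes (MBAM 3) scan log by user profile.

Added example, not part of Malwarebytes or of the forum post. It parses the
"-Scan Details-" section of the log format posted above, attributes every
detection to a machine-wide location, a user registry hive (HKU, by RID) or
a user profile folder (by name), and cross-checks the per-section counts
against the detail lines actually present.
"""
import re
from collections import Counter, defaultdict

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
DETAIL_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<location>.+?), (?P<action>[^,]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<db>\S+)$"
)
HKU_RE = re.compile(r"^HKU\\S-1-5-21-\d+-\d+-\d+-(\d+)\\", re.I)
USER_DIR_RE = re.compile(r"^[A-Z]:\\Users\\([^\\]+)\\", re.I)

# Constructed sample: an excerpt of the MBAM log posted above, with the
# section counts adjusted to the lines kept here. Raw string because the
# registry and file paths contain backslashes.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1005\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240671],1.0.2630
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1001\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240533],1.0.2630
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Delete-on-Reboot, [14240], [245008],1.0.2630
PUP.Optional.MindSpark, HKU\S-1-5-21-1528322305-4087468735-4108138618-1004\SOFTWARE\VideoDownloadConverter_4z, Delete-on-Reboot, [257], [240671],1.0.2630

Folder: 2
PUP.Optional.ProtectWindowsManager, C:\PROGRAMDATA\iWinManProi, Delete-on-Reboot, [11857], [180703],1.0.2630
PUP.Optional.OpenCandy, C:\USERS\MRINA\APPDATA\ROAMING\OpenCandy, Delete-on-Reboot, [509], [173202],1.0.2630

File: 2
PUP.Optional.Spigot, C:\USERS\MRINA\APPDATA\ROAMING\SEARCH PROTECTION\SP.EXE, Delete-on-Reboot, [627], [300859],1.0.2630
PUP.Optional.MindSpark, C:\USERS\SJOERD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_pconverter.dl.tb.ask.com_0.localstorage, Delete-on-Reboot, [257], [240306],1.0.2630

Physical Sector: 0
(No malicious items detected)

(end)
"""


def scope_of(location):
    """Attribute a detection path to a user hive, a profile folder or the machine."""
    m = HKU_RE.match(location)
    if m:
        return "user hive RID " + m.group(1)
    m = USER_DIR_RE.match(location)
    if m:
        return "user profile " + m.group(1).lower()   # MBAM upper-cases some paths
    return "machine-wide"            # HKLM, ProgramData and anything outside a profile


def parse_scan_details(text):
    """Return (detections, section_counts) from the '-Scan Details-' block."""
    detections, counts, section, in_details = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line or line.startswith("("):
            continue                              # header block, blanks, "(No malicious...)"
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            counts[section] = int(m.group(2))
            continue
        m = DETAIL_RE.match(line)
        if m and section:
            d = m.groupdict()
            d["section"] = section
            d["scope"] = scope_of(d["location"])
            detections.append(d)
    return detections, counts


def by_scope(detections):
    """Detection families per scope: shows how far the PUP spread across profiles."""
    table = defaultdict(Counter)
    for d in detections:
        table[d["scope"]][d["family"]] += 1
    return dict(table)


def count_mismatches(detections, counts):
    """Sections whose header count differs from the detail lines parsed.

    A non-empty result means the pasted log is truncated or a line did not parse."""
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen.get(s, 0)) for s, n in counts.items() if seen.get(s, 0) != n}


if __name__ == "__main__":
    dets, counts = parse_scan_details(SAMPLE_LOG)
    for scope, families in sorted(by_scope(dets).items()):
        print(f"{scope:<22} " + ", ".join(f"{fam} x{n}" for fam, n in sorted(families.items())))
    print("count mismatches:", count_mismatches(dets, counts) or "none")
```

On the sample this yields six scopes: machine-wide, three user hives and two profile folders. The log does not say which RID belongs to which account, so hives and profile folders are kept as separate scopes rather than guessed together; a per-profile cleanup that only covered the logged-in user would have left the other two hives untouched.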


#5 Flevokiwi

  • Topic Starter

Posted 21 August 2017 - 01:18 PM

Forgot to mention: Java has been updated to version 8, update 144 and all previous versions have been uninstalled.



#6 nasdaq

  • Malware Response Team

Posted 21 August 2017 - 01:23 PM


Hi,
Let me know of any difficulties.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
==

#7 Flevokiwi

  • Topic Starter

Posted 21 August 2017 - 01:57 PM

My wife has resumed working on the laptop and - so far - has not experienced the extreme slowness and hang ups as before. Many thanks, also on her behalf!

 

Just out of interest: what type of items have been removed from the laptop?



#8 nasdaq

  • Malware Response Team

Posted 22 August 2017 - 07:04 AM



Hi,

Mostly browser hijackers, such as these entries.
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?
SearchScopes: HKLM-x32 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?

These were probably set by 3rd party programs.

Running Malwarebytes and AdwCleaner can clean most of these.

#9 Flevokiwi

  • Topic Starter

Posted 22 August 2017 - 07:58 AM

Thank you nasdaq. I have explained to my wife how to practise safe surfing and how to (hopefully) recognise non-legitimate pop-up windows (e.g. "Virus detected, click here to clean"). She has now used the laptop for almost 24 hours and confirms the speed and reliability of the laptop is back to normal again. She's happy... I am happy. This thread may be filed. Thank you! :)





