
Not sure what is happening...


  • This topic is locked
16 replies to this topic

#1 DuvallBuck


Posted 24 October 2017 - 12:53 PM

My niece's computer is acting strangely and she is concerned that she might have malware on it. I looked at it but I'm not sure what may or may not be wrong. Here are the files.

Attached Files





#2 satchfan

  • Malware Response Team
  • 2,838 posts

Posted 24 October 2017 - 04:41 PM

Hello DuvallBuck and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please do this in the order given in the instructions.

===================================================

Uninstall programs

Please uninstall this program:


AVG SafeGuard toolbar

 

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit "Scan".

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 DuvallBuck


Posted 24 October 2017 - 08:38 PM

I tried the link to JRT but got Site Suspended: This site has stepped out for a bit.

 

Here are the other 3 files.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2017 01
Ran by April (24-10-2017 18:09:19)
Running from C:\Users\April\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-25 23:20:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-8038656-3629219085-2855119699-500 - Administrator - Disabled)
April (S-1-5-21-8038656-3629219085-2855119699-1000 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-8038656-3629219085-2855119699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-8038656-3629219085-2855119699-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8180004F-8861-8051-87FE-C892A27A9AFB}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{34CE35A5-BC22-4045-9F05-6C411D3A74DB}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C2802}) (Version: 12.40.2.3945 - APN, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.26.01 - Broadcom Corporation)
Budget Tracker Deluxe (HKLM-x32\...\{A4ECCC05-F645-412C-A77D-EF4F5E3234C2}) (Version: 1.0.0.0 - Avanquest North America Inc.)
ccc-core-static (HKLM-x32\...\{9481AC23-C241-79A2-C7AE-2AAF1568780A}) (Version: 2009.0625.1812.30825 - ATI) Hidden
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
LG VZW United Drivers (HKLM-x32\...\{FF712194-6643-4E4D-A340-2D447A644F75}) (Version: 2.16.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive for Windows (HKLM-x32\...\{C96D82F1-6CB0-42C2-8ED3-C3DD739E0280}) (Version: 3.4.0 - OverDrive, Inc.)
PowerDVD (HKLM-x32\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Remote Desktop Connection (HKLM-x32\...\{82AE5DA6-4D28-40C2-BF21-9F2B90EF488E}) (Version: 5.1.2600.1106 - Microsoft)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Sesame Street - Learn, Play & Grow (HKLM-x32\...\{33785AE7-2203-4D93-B6B3-35B7CC3C4906}) (Version: 1.0.0.6 - Nova Development)
Sonic Activation Module (HKLM-x32\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2016-04-01] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-06-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2016-04-01] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C2D68F2-F8C8-49DC-862F-7D36E68F8E82} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {7D48ED29-D6C9-42F5-9DFE-645D90D5353E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81401AB2-80BC-4C44-A0BF-7F6B7FEFB32D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15] (Adobe Systems Incorporated)
Task: {ADBA19BB-BAF7-4A96-94D3-DC43A17404F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E76C3A5F-22AB-426B-A88A-DA593E74A4E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-12-11 10:15 - 2006-08-18 14:17 - 000049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2008-11-18 13:00 - 2008-11-18 13:00 - 000016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-01-26 06:50 - 2012-01-26 06:50 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-07 10:51 - 2017-10-18 16:27 - 047503472 _____ () C:\Users\April\AppData\Roaming\Spotify\libcef.dll
2015-09-07 10:51 - 2017-10-18 16:27 - 001584240 _____ () C:\Users\April\AppData\Roaming\Spotify\libglesv2.dll
2015-09-07 10:51 - 2017-10-18 16:27 - 000082032 _____ () C:\Users\April\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 74.40.74.40 - 74.40.74.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{438F5AA0-2818-45B3-8EAE-DE9BB42AFCB3}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{E76C2302-A890-4D32-841A-33D00A2A2F94}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{BB48C9D3-5ACA-4EB7-BEA6-A7EE1A8FB2E7}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6E65428C-B362-46B1-8236-57867474F00F}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A4479D37-7707-4692-A738-F1EF831E351E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4F4CA793-B350-43AD-A577-E2FDBC10B575}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA64B02E-83FE-4C94-A32F-77B2CCBCDE22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF9B0ED2-C167-4231-83CA-E8008D3A1484}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4ABA585-4713-4746-8DB6-20C6839A48B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7E9608D8-983F-4E0E-B622-07910A79D9E1}C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe] => (Block) C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
FirewallRules: [UDP Query User{FF8DF567-AC04-4CA7-8C4E-AEB81A98E8EC}C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe] => (Block) C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
FirewallRules: [{D705E7EB-1C82-480A-AA2B-2433EA625988}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DE3D0915-34ED-4038-BEE4-C7E5FD38D477}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2EAC6CAA-1ED0-4969-A429-320C7EA69556}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5B53A0E-106B-47D3-B6F8-569E72999A17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B60FCB-4342-4C80-AEDA-48B368A75998}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{65BCA811-2ED5-4AE7-B2D7-9972EC8497A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A99E8F8B-7673-45D8-9E64-A2A58F3159A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{AF6231DB-B3A3-42E3-BE0B-6983A2F93B95}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{526A1A82-1953-4BE9-A0F6-915DE929DBDF}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AC2D6C66-41BC-4F1E-9003-73672E3BB1A3}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D06A7F74-C670-4604-8174-A9B9B3FC3465}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7CBE05D7-1044-4ED1-9043-207889BC9E0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5EC9998-AABC-4E1C-982B-5B9703588306}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AD471BAB-C7B0-40F6-9087-38D1862527B5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4ED3383B-07DE-44D6-B16F-287CCE127EA6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{C77E9757-0DEF-4C23-A2CC-188E1007486F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-03-2016 09:01:25 Scheduled Checkpoint
01-04-2016 22:37:05 Scheduled Checkpoint
02-04-2016 03:00:44 Windows Update
14-04-2016 17:35:40 Scheduled Checkpoint
15-04-2016 03:00:38 Windows Update
26-04-2016 19:18:34 Scheduled Checkpoint
19-10-2017 11:07:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2017 06:04:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (10/24/2017 06:03:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.ServiceHost.exe, version: 1.1.58.35540, time stamp: 0x56fb83c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0325f613
Faulting process id: 0x738
Faulting application start time: 0x01d34d2d01f9974e
Faulting application path: C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
Faulting module path: unknown
Report Id: 45653497-b920-11e7-896f-002564ebb2ec

Error: (10/24/2017 06:03:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at System.Net.FixedSizeReader.ReadCallback(System.IAsyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr)
   at System.Net.ContextAwareResult.CompleteCallback(System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.ContextAwareResult.Complete(IntPtr)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr)
   at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (10/18/2017 04:33:17 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (10/18/2017 04:33:17 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (05/01/2016 01:51:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (04/30/2016 06:24:26 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (04/29/2016 11:17:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (04/28/2016 04:46:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Error: (04/27/2016 09:51:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (10/24/2017 06:05:31 PM) (Source: Application Popup) (EventID: 876) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.

Error: (10/24/2017 06:03:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/24/2017 06:03:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/24/2017 06:03:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/24/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/24/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/24/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/24/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/24/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/24/2017 06:02:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 33%
Total physical RAM: 6135.12 MB
Available physical RAM: 4059.78 MB
Total Virtual: 12268.42 MB
Available Virtual: 9799.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:559.67 GB) NTFS
Drive d: (ACTIVE BOOT) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E665C125)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 62.5 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2017 01
Ran by April (administrator) on APRIL-PC (24-10-2017 18:07:55)
Running from C:\Users\April\Downloads
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Spotify.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Roxio) C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Spotify.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1612872 2016-04-20] (APN)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-27] (Google Inc.)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2017-10-18] (Spotify Ltd)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Spotify] => C:\Users\April\AppData\Roaming\Spotify\Spotify.exe [6890608 2017-10-18] (Spotify Ltd)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {42209d28-7bd7-11e4-922a-002564ebb2ec} - I:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {891568d9-d17b-11e5-89c4-002564ebb2ec} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {d285bb52-b60a-11e1-857e-002564ebb2ec} - I:\LaunchU3.exe -a
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.40.74.40 74.40.74.41
Tcpip\..\Interfaces\{C3FE697E-1729-4C77-8EA1-BBF2BB1D7BF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C8528867-5F5F-4659-9F1A-6C087A138284}: [DhcpNameServer] 74.40.74.40 74.40.74.41

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1FAD8D32-4BBF-4ED6-8D8E-E156A5C67948&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={4399A35F-052B-446A-A86E-FA843FCD7FA8}&mid=016d30a5ce11435f84180b499e07fe2f-ada9beeeaee683891c82c42ca67317a5a0c4a95d&lang=en&ds=ad011&coid=avgtbdisad&cmpid=0116tb&pr=sa&d=2014-03-02 13:31:52&v=19.2.0.326&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2016-04-20] (APN LLC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2016-04-20] (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2200

FireFox:
========
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default [2017-10-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sj2b0wcx.default -> Conduit Search
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sj2b0wcx.default -> AVG Secure Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\sj2b0wcx.default -> Conduit Search
FF Homepage: Mozilla\Firefox\Profiles\sj2b0wcx.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\sj2b0wcx.default ->
FF Extension: (Avira Browser Safety) - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default\Extensions\abs@avira.com [2017-10-24]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-04-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-04-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-04-01] (Avira Operations GmbH & Co. KG)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [24576 2014-05-27] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2014-05-27] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-05-27] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-24 18:07 - 2017-10-24 18:08 - 000017163 _____ C:\Users\April\Downloads\FRST.txt
2017-10-24 18:06 - 2017-10-24 18:06 - 000000000 ____D C:\ProgramData\AskPartnerNetwork
2017-10-24 18:01 - 2017-10-24 18:03 - 000000000 ____D C:\AdwCleaner
2017-10-24 17:59 - 2017-10-24 18:00 - 008250832 _____ (Malwarebytes) C:\Users\April\Downloads\adwcleaner_7.0.3.1.exe
2017-10-24 10:56 - 2017-10-24 18:07 - 000000000 ____D C:\FRST
2017-10-24 10:56 - 2017-10-24 10:56 - 002403328 _____ (Farbar) C:\Users\April\Downloads\FRST64.exe
2017-10-24 10:51 - 2017-10-24 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-10-24 10:51 - 2017-10-24 10:51 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-24 18:06 - 2015-09-07 10:51 - 000000000 ____D C:\Users\April\AppData\Local\Spotify
2017-10-24 18:06 - 2012-12-12 22:03 - 000000000 ____D C:\MDT
2017-10-24 18:05 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-24 18:03 - 2013-11-07 20:55 - 000000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2017-10-24 17:56 - 2012-01-27 19:15 - 000000000 ____D C:\Users\April\AppData\Local\Google
2017-10-24 17:54 - 2014-08-07 10:43 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-10-24 11:01 - 2012-02-05 12:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-24 10:58 - 2009-07-13 21:45 - 000015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-24 10:58 - 2009-07-13 21:45 - 000015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-24 10:52 - 2012-01-27 19:15 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-24 10:52 - 2012-01-27 19:15 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-24 10:51 - 2015-11-09 19:20 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-10-24 10:51 - 2013-11-15 19:17 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-10-19 10:44 - 2015-09-07 10:51 - 000000000 ____D C:\Users\April\AppData\Roaming\Spotify
2017-10-18 16:26 - 2015-01-15 23:24 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2014-03-02 14:31 - 2014-06-02 09:00 - 000003748 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-01-19 18:44 - 2013-01-19 18:44 - 000003584 _____ () C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2012-08-22 20:38 - 2012-08-22 20:38 - 000248008 _____ (Ask.com) C:\Users\April\AppData\Local\Temp\AskSLib.dll
2013-11-30 19:05 - 2015-01-15 23:24 - 000000000 ____D () C:\Users\April\AppData\Local\Temp\avgnt.exe
2013-11-15 19:09 - 2013-11-15 19:12 - 017823624 _____ (Adobe Systems Incorporated) C:\Users\April\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-27 19:15 - 2012-01-27 19:15 - 002376368 _____ (Google Inc.) C:\Users\April\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd5D95.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd7ADA.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsi59BC.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn5BB0.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn7C9F.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nss7914.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsw2248.exe
2014-03-02 14:31 - 2014-03-02 14:31 - 004875800 _____ (AVG Technologies) C:\Users\April\AppData\Local\Temp\oi_{423246A0-8A5A-42C2-AB5C-74E5917C02C3}.exe
2006-10-27 22:34 - 2006-10-27 22:34 - 000145184 ____R (Microsoft Corporation) C:\Users\April\AppData\Local\Temp\ose00000.exe
2013-11-14 20:23 - 2013-11-14 20:26 - 010053561 _____ () C:\Users\April\AppData\Local\Temp\{111308D0-B57F-4E86-B637-44951BF8699A}-31.0.1650.57_30.0.1599.101_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-26 19:50

==================== End of FRST.txt ============================

 

 

# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 01:02:23 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-17-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.APNToolBar.Gen, APNMCP


***** [ Folders ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
PUP.Optional.Legacy, C:\Program Files (x86)\AVG Security Toolbar
PUP.Optional.Legacy, C:\Program Files (x86)\sweetpacks bundle uninstaller
PUP.Optional.Legacy, C:\Windows\Temp\APNLogs
PUP.Optional.Legacy, C:\Users\April\AppData\Local\Temp\APNLogs
PUP.Optional.Ask, C:\ProgramData\AskPartnerNetwork
PUP.Optional.Ask, C:\ProgramData\Application Data\AskPartnerNetwork
PUP.Optional.Ask, C:\Program Files (x86)\AskPartnerNetwork
PUP.Optional.Ask, C:\Users\All Users\AskPartnerNetwork
PUP.Optional.Ask, C:\Users\April\AppData\Local\AskPartnerNetwork
Rogue.ForcedExtension, C:\ProgramData\apn
Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
Rogue.ForcedExtension, C:\Users\All Users\apn
Rogue.ForcedExtension, C:\Users\April\AppData\Local\Temp\apn
PUP.Optional.APNToolBar.Gen, C:\Windows\Temp\APN-Stub
PUP.Optional.APNToolBar.Gen, C:\Users\April\AppData\Local\Temp\APN-Stub
PUP.Optional.WebSteroids, C:\ProgramData\Websteroids
PUP.Optional.WebSteroids, C:\ProgramData\Application Data\Websteroids
PUP.Optional.WebSteroids, C:\Users\All Users\Websteroids
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_0215tb
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_0516tb
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_0814tb
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_1214tb


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic, AVG-SSU_0516tb
PUP.Adware.Heuristic, AVG-SSU_0516tb_DELETE
PUP.Adware.Heuristic, AVG-SSU_0516tb
PUP.Adware.Heuristic, AVG-SSU_0516tb_DELETE


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d25s4dbsms5nvt.cloudfront.net
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {FED6A736-129B-49C7-857E-25FC91E87DB3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{DB40EAF2-2025-4F74-B9EF-7C0782F26C84}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ApnTBMon
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaacalgebmfelllfiaoknifldpngjh
PUP.Optional.Ask, [Key] - HKLM\SOFTWARE\AskPartnerNetwork
PUP.Optional.Ask, [Key] - HKU\.DEFAULT\Software\AskPartnerNetwork
PUP.Optional.Ask, [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\AskPartnerNetwork
PUP.Optional.Ask, [Key] - HKU\S-1-5-18\Software\AskPartnerNetwork
PUP.Optional.Ask, [Key] - HKCU\Software\AskPartnerNetwork
PUP.Optional.SweetIM, [Key] - HKLM\SOFTWARE\SweetIM
PUP.Optional.SweetIM, [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\SweetIM
PUP.Optional.SweetIM, [Key] - HKCU\Software\SweetIM
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\Conduit
PUP.Optional.APNToolBar.Gen, [Key] - HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.APNToolBar.Gen, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.APNToolBar.Gen, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.APNToolBar.Gen, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.APNToolBar.Gen, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.DynConIE, [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\AppDataLow\Software\DynConIE
PUP.Optional.DynConIE, [Key] - HKCU\Software\AppDataLow\Software\DynConIE
PUP.Optional.DynConIE, [Key] - HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL
PUP.Optional.SuperOptimizer, [Key] - HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
PUP.Optional.SuperOptimizer, [Key] - HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
PUP.Optional.WebSteroids, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Avira SearchFree Toolbar plus Web Protection -
PUP.Optional.Legacy, Plugin found: McAfee Security Scan+ -
PUP.Optional.Legacy, SearchProvider found: Conduit Search - conduit.search
PUP.Optional.MultiIE, Plugin found: Websteroids -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########



#4 satchfan


Posted 25 October 2017 - 01:44 AM

Thanks for the logs but you didn’t follow the instructions. When you ran AdwCleaner you ran a scan but didn’t ‘clean’ what was found and therefore the FRST log is no help.

Please run AdwCleaner again and when it has finished, leave everything that was found checked (ticked), then click on Clean.

If it asks to reboot, allow the reboot and then post the new log.

===================================================

Sorry about the link for JRT. Please try again with this link.

===================================================

Please delete the previous FRST logs, (located at C:\Users\April\Downloads), and then run FRST again making sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan
 


Edited by satchfan, 25 October 2017 - 02:48 AM.



#5 DuvallBuck


Posted 25 October 2017 - 11:08 AM

I did run AdwCleaner and clicked on Clean. I'll do what you ask but I sent the AdwCleaner[S0]. Should I have sent the AdwCleaner[C0] or both?



#6 DuvallBuck


Posted 25 October 2017 - 11:46 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by April (Administrator) on Wed 10/25/2017 at  9:33:08.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 87

Successfully deleted: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh (Folder)
Successfully deleted: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh (Folder)
Successfully deleted: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb (Folder)
Successfully deleted: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage-journal (File)
Successfully deleted: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage (File)
Successfully deleted: C:\Users\April\Documents\optimizer pro (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)

Deleted the following from C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default\prefs.js
user_pref(browser.search.defaultenginename, Conduit Search);
user_pref(browser.search.defaultenginename.US, AVG Secure Search);
user_pref(browser.search.selectedEngine, Conduit Search);



Registry: 5

Successfully deleted: HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/25/2017 at  9:37:07.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 16:23:55 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-17-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Ask, C:\ProgramData\AskPartnerNetwork
PUP.Optional.Ask, C:\ProgramData\Application Data\AskPartnerNetwork
PUP.Optional.Ask, C:\Program Files (x86)\AskPartnerNetwork
PUP.Optional.Ask, C:\Users\All Users\AskPartnerNetwork
Rogue.ForcedExtension, C:\Users\April\AppData\Local\Temp\apn


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | ApnTBMon
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaacalgebmfelllfiaoknifldpngjh
PUP.Optional.Ask, [Key] - HKLM\SOFTWARE\AskPartnerNetwork
PUP.Optional.Ask, [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\AskPartnerNetwork
PUP.Optional.Ask, [Key] - HKCU\Software\AskPartnerNetwork
PUP.Optional.APNToolBar.Gen, [Key] - HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.APNToolBar.Gen, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
PUP.Optional.APNToolBar.Gen, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {41564952-412D-5637-00A7-7A786E7484D7}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Avira SearchFree Toolbar plus Web Protection -
PUP.Optional.Legacy, Plugin found: McAfee Security Scan+ -
PUP.Optional.MultiIE, Plugin found: Websteroids -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

# AdwCleaner 7.0.3.1 - Logfile created on Wed Oct 25 16:24:38 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\AskPartnerNetwork
Deleted: C:\ProgramData\Application Data\AskPartnerNetwork
Deleted: C:\Program Files (x86)\AskPartnerNetwork
Deleted: C:\Users\All Users\AskPartnerNetwork
Deleted: C:\Users\April\AppData\Local\Temp\apn


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ApnTBMon
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaacalgebmfelllfiaoknifldpngjh
Deleted: [Key] - HKLM\SOFTWARE\AskPartnerNetwork
Deleted: [Key] - HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Software\AskPartnerNetwork
Deleted: [Key] - HKCU\Software\AskPartnerNetwork
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{41564952-412D-5637-00A7-7A786E7484D7}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Avira SearchFree Toolbar plus Web Protection -
Plugin deleted: McAfee Security Scan+ -
Plugin deleted: Websteroids -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2616 B] - [2017/10/25 16:23:55]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2017
Ran by April (25-10-2017 09:48:19)
Running from C:\Users\April\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-25 23:20:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-8038656-3629219085-2855119699-500 - Administrator - Disabled)
April (S-1-5-21-8038656-3629219085-2855119699-1000 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-8038656-3629219085-2855119699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-8038656-3629219085-2855119699-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8180004F-8861-8051-87FE-C892A27A9AFB}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C2802}) (Version: 12.40.2.3945 - APN, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.26.01 - Broadcom Corporation)
Budget Tracker Deluxe (HKLM-x32\...\{A4ECCC05-F645-412C-A77D-EF4F5E3234C2}) (Version: 1.0.0.0 - Avanquest North America Inc.)
ccc-core-static (HKLM-x32\...\{9481AC23-C241-79A2-C7AE-2AAF1568780A}) (Version: 2009.0625.1812.30825 - ATI) Hidden
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
LG VZW United Drivers (HKLM-x32\...\{FF712194-6643-4E4D-A340-2D447A644F75}) (Version: 2.16.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive for Windows (HKLM-x32\...\{C96D82F1-6CB0-42C2-8ED3-C3DD739E0280}) (Version: 3.4.0 - OverDrive, Inc.)
PowerDVD (HKLM-x32\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Remote Desktop Connection (HKLM-x32\...\{82AE5DA6-4D28-40C2-BF21-9F2B90EF488E}) (Version: 5.1.2600.1106 - Microsoft)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Sesame Street - Learn, Play & Grow (HKLM-x32\...\{33785AE7-2203-4D93-B6B3-35B7CC3C4906}) (Version: 1.0.0.6 - Nova Development)
Sonic Activation Module (HKLM-x32\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-10-25] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-06-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-10-25] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C2D68F2-F8C8-49DC-862F-7D36E68F8E82} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {5892FDA8-C9C7-43FD-8344-51DCF1DD736F} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {7D48ED29-D6C9-42F5-9DFE-645D90D5353E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81401AB2-80BC-4C44-A0BF-7F6B7FEFB32D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15] (Adobe Systems Incorporated)
Task: {ADBA19BB-BAF7-4A96-94D3-DC43A17404F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E76C3A5F-22AB-426B-A88A-DA593E74A4E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-12-11 10:15 - 2006-08-18 14:17 - 000049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2012-11-28 15:13 - 2012-11-28 15:13 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 74.40.74.40 - 74.40.74.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{438F5AA0-2818-45B3-8EAE-DE9BB42AFCB3}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{E76C2302-A890-4D32-841A-33D00A2A2F94}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{BB48C9D3-5ACA-4EB7-BEA6-A7EE1A8FB2E7}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6E65428C-B362-46B1-8236-57867474F00F}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A4479D37-7707-4692-A738-F1EF831E351E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4F4CA793-B350-43AD-A577-E2FDBC10B575}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA64B02E-83FE-4C94-A32F-77B2CCBCDE22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF9B0ED2-C167-4231-83CA-E8008D3A1484}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4ABA585-4713-4746-8DB6-20C6839A48B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7E9608D8-983F-4E0E-B622-07910A79D9E1}C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe] => (Block) C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
FirewallRules: [UDP Query User{FF8DF567-AC04-4CA7-8C4E-AEB81A98E8EC}C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe] => (Block) C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
FirewallRules: [{D705E7EB-1C82-480A-AA2B-2433EA625988}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DE3D0915-34ED-4038-BEE4-C7E5FD38D477}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2EAC6CAA-1ED0-4969-A429-320C7EA69556}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5B53A0E-106B-47D3-B6F8-569E72999A17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B60FCB-4342-4C80-AEDA-48B368A75998}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{65BCA811-2ED5-4AE7-B2D7-9972EC8497A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A99E8F8B-7673-45D8-9E64-A2A58F3159A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{AF6231DB-B3A3-42E3-BE0B-6983A2F93B95}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{526A1A82-1953-4BE9-A0F6-915DE929DBDF}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AC2D6C66-41BC-4F1E-9003-73672E3BB1A3}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D06A7F74-C670-4604-8174-A9B9B3FC3465}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7CBE05D7-1044-4ED1-9043-207889BC9E0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5EC9998-AABC-4E1C-982B-5B9703588306}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AD471BAB-C7B0-40F6-9087-38D1862527B5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4ED3383B-07DE-44D6-B16F-287CCE127EA6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{C77E9757-0DEF-4C23-A2CC-188E1007486F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-04-2016 22:37:05 Scheduled Checkpoint
02-04-2016 03:00:44 Windows Update
14-04-2016 17:35:40 Scheduled Checkpoint
15-04-2016 03:00:38 Windows Update
26-04-2016 19:18:34 Scheduled Checkpoint
19-10-2017 11:07:26 Scheduled Checkpoint
25-10-2017 09:31:49 JRT Pre-Junkware Removal
25-10-2017 09:33:08 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2017 09:27:37 AM) (Source: MsiInstaller) (EventID: 11705) (User: April-PC)
Description: Product: Avira Launcher -- Error 1705. A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (10/24/2017 06:45:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9999

Error: (10/24/2017 06:45:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9999

Error: (10/24/2017 06:45:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2017 06:45:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001

Error: (10/24/2017 06:45:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9001

Error: (10/24/2017 06:45:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2017 06:45:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (10/24/2017 06:45:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (10/24/2017 06:45:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/25/2017 09:25:23 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.

Error: (10/25/2017 09:24:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/25/2017 09:24:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/25/2017 09:24:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 30%
Total physical RAM: 6135.12 MB
Available physical RAM: 4288.63 MB
Total Virtual: 12268.42 MB
Available Virtual: 9928.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:561.05 GB) NTFS
Drive g: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E665C125)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 62.5 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-10-2017
Ran by April (administrator) on APRIL-PC (25-10-2017 09:47:50)
Running from C:\Users\April\Downloads
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Roxio) C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [831576 2017-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-27] (Google Inc.)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2017-10-18] (Spotify Ltd)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Spotify] => C:\Users\April\AppData\Roaming\Spotify\Spotify.exe [6890608 2017-10-18] (Spotify Ltd)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {42209d28-7bd7-11e4-922a-002564ebb2ec} - I:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {891568d9-d17b-11e5-89c4-002564ebb2ec} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {d285bb52-b60a-11e1-857e-002564ebb2ec} - I:\LaunchU3.exe -a
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.40.74.40 74.40.74.41
Tcpip\..\Interfaces\{C3FE697E-1729-4C77-8EA1-BBF2BB1D7BF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C8528867-5F5F-4659-9F1A-6C087A138284}: [DhcpNameServer] 74.40.74.40 74.40.74.41

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2200

FireFox:
========
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default [2017-10-25]
FF Homepage: Mozilla\Firefox\Profiles\sj2b0wcx.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\sj2b0wcx.default ->
FF Extension: (Avira Browser Safety) - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default\Extensions\abs@avira.com [2017-10-24]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [988184 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [470600 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [470600 2017-10-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1453696 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2017-10-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2017-10-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2017-10-25] (Avira Operations GmbH & Co. KG)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-02] (Malwarebytes Corporation)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [24576 2014-05-27] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2014-05-27] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-05-27] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-25 09:47 - 2017-10-25 09:48 - 000013843 _____ C:\Users\April\Downloads\FRST.txt
2017-10-25 09:47 - 2017-10-25 09:47 - 000000000 ____D C:\Users\April\Downloads\FRST-OlderVersion
2017-10-25 09:37 - 2017-10-25 09:37 - 000015573 _____ C:\Users\April\Desktop\JRT.txt
2017-10-25 09:32 - 2017-10-25 09:32 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-10-25 09:23 - 2017-10-25 09:23 - 001790024 _____ (Malwarebytes) C:\Users\April\Downloads\JRT.exe
2017-10-24 18:01 - 2017-10-25 09:24 - 000000000 ____D C:\AdwCleaner
2017-10-24 17:59 - 2017-10-24 18:00 - 008250832 _____ (Malwarebytes) C:\Users\April\Downloads\adwcleaner_7.0.3.1.exe
2017-10-24 10:56 - 2017-10-25 09:47 - 002403328 _____ (Farbar) C:\Users\April\Downloads\FRST64.exe
2017-10-24 10:56 - 2017-10-25 09:47 - 000000000 ____D C:\FRST
2017-10-24 10:51 - 2017-10-24 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-10-24 10:51 - 2017-10-24 10:51 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-25 09:33 - 2015-01-15 23:24 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-25 09:33 - 2014-08-07 10:43 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-10-25 09:33 - 2013-11-07 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-25 09:32 - 2009-07-13 21:45 - 000015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-25 09:32 - 2009-07-13 21:45 - 000015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-25 09:31 - 2015-09-07 10:51 - 000000000 ____D C:\Users\April\AppData\Roaming\Spotify
2017-10-25 09:26 - 2015-09-07 10:51 - 000000000 ____D C:\Users\April\AppData\Local\Spotify
2017-10-25 09:26 - 2012-12-12 22:03 - 000000000 ____D C:\MDT
2017-10-25 09:25 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-25 09:22 - 2013-11-07 20:52 - 000171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-10-25 09:22 - 2013-11-07 20:52 - 000145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-10-25 09:22 - 2013-11-07 20:52 - 000079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-10-24 17:56 - 2012-01-27 19:15 - 000000000 ____D C:\Users\April\AppData\Local\Google
2017-10-24 11:01 - 2012-02-05 12:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-24 10:52 - 2012-01-27 19:15 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-10-24 10:52 - 2012-01-27 19:15 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-24 10:51 - 2015-11-09 19:20 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-10-24 10:51 - 2013-11-15 19:17 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2014-03-02 14:31 - 2014-06-02 09:00 - 000003748 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-01-19 18:44 - 2013-01-19 18:44 - 000003584 _____ () C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2012-08-22 20:38 - 2012-08-22 20:38 - 000248008 _____ (Ask.com) C:\Users\April\AppData\Local\Temp\AskSLib.dll
2013-11-30 19:05 - 2015-01-15 23:24 - 000000000 ____D () C:\Users\April\AppData\Local\Temp\avgnt.exe
2013-11-15 19:09 - 2013-11-15 19:12 - 017823624 _____ (Adobe Systems Incorporated) C:\Users\April\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-27 19:15 - 2012-01-27 19:15 - 002376368 _____ (Google Inc.) C:\Users\April\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd5D95.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd7ADA.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsi59BC.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn5BB0.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn7C9F.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nss7914.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsw2248.exe
2014-03-02 14:31 - 2014-03-02 14:31 - 004875800 _____ (AVG Technologies) C:\Users\April\AppData\Local\Temp\oi_{423246A0-8A5A-42C2-AB5C-74E5917C02C3}.exe
2006-10-27 22:34 - 2006-10-27 22:34 - 000145184 ____R (Microsoft Corporation) C:\Users\April\AppData\Local\Temp\ose00000.exe
2013-11-14 20:23 - 2013-11-14 20:26 - 010053561 _____ () C:\Users\April\AppData\Local\Temp\{111308D0-B57F-4E86-B637-44951BF8699A}-31.0.1650.57_30.0.1599.101_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-26 19:50

==================== End of FRST.txt ============================



#7 satchfan


Posted 25 October 2017 - 04:02 PM

You've done fine now and sent the logs I needed.

It's possible that things have already improved but I need to look at the FRST log and then I'll get in touch with further instructions but I'm afraid that because of our time difference it will be tomorrow, (GMT).

Satchfan




#8 satchfan


Posted 26 October 2017 - 02:38 AM

It looks like the previous scans did their job.

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
    C:\Users\April\Downloads
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+C:
Start::
CloseProcesses:
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {42209d28-7bd7-11e4-922a-002564ebb2ec} - I:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {891568d9-d17b-11e5-89c4-002564ebb2ec} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {d285bb52-b60a-11e1-857e-002564ebb2ec} - I:\LaunchU3.exe -a
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2012-08-22 20:38 - 2012-08-22 20:38 - 000248008 _____ (Ask.com) C:\Users\April\AppData\Local\Temp\AskSLib.dll
2013-11-30 19:05 - 2015-01-15 23:24 - 000000000 ____D () C:\Users\April\AppData\Local\Temp\avgnt.exe
2013-11-15 19:09 - 2013-11-15 19:12 - 017823624 _____ (Adobe Systems Incorporated) C:\Users\April\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-27 19:15 - 2012-01-27 19:15 - 002376368 _____ (Google Inc.) C:\Users\April\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd5D95.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd7ADA.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsi59BC.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn5BB0.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn7C9F.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nss7914.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsw2248.exe
2014-03-02 14:31 - 2014-03-02 14:31 - 004875800 _____ (AVG Technologies) C:\Users\April\AppData\Local\Temp\oi_{423246A0-8A5A-42C2-AB5C-74E5917C02C3}.exe
2006-10-27 22:34 - 2006-10-27 22:34 - 000145184 ____R (Microsoft Corporation) C:\Users\April\AppData\Local\Temp\ose00000.exe
2013-11-14 20:23 - 2013-11-14 20:26 - 010053561 _____ () C:\Users\April\AppData\Local\Temp\{111308D0-B57F-4E86-B637-44951BF8699A}-31.0.1650.57_30.0.1599.101_chrome_updater.exe
Task: {ADBA19BB-BAF7-4A96-94D3-DC43A17404F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

===================================================

Run Malwarebytes Anti-Malware

Please download and run the installer for Malwarebytes 3.0.

  • follow the prompts to install the program, (Malwarebytes 3.0 will automatically upgrade Malwarebytes Anti-Malware 2.x to Malwarebytes 3.0)
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program)
  • click Finish
  • on the Dashboard, click Update Now
  • after the update completes, click the ‘Scan Now’ button
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the ‘History’ tab, then ‘Application Logs’
  • double-click on the scan log which shows the date and time of the scan just performed
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems?

Satchfan




#9 DuvallBuck


Posted 26 October 2017 - 12:22 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by April (26-10-2017 10:05:24) Run:1
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {42209d28-7bd7-11e4-922a-002564ebb2ec} - I:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {891568d9-d17b-11e5-89c4-002564ebb2ec} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\MountPoints2: {d285bb52-b60a-11e1-857e-002564ebb2ec} - I:\LaunchU3.exe -a
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
FF
HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2012-08-22 20:38 - 2012-08-22 20:38 - 000248008 _____ (Ask.com) C:\Users\April\AppData\Local\Temp\AskSLib.dll
2013-11-30 19:05 - 2015-01-15 23:24 - 000000000 ____D () C:\Users\April\AppData\Local\Temp\avgnt.exe
2013-11-15 19:09 - 2013-11-15 19:12 - 017823624 _____ (Adobe Systems Incorporated) C:\Users\April\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-27 19:15 - 2012-01-27 19:15 - 002376368 _____ (Google Inc.)
C:\Users\April\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd5D95.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsd7ADA.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsi59BC.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn5BB0.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsn7C9F.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nss7914.exe
2014-02-12 04:54 - 2014-02-12 04:54 - 000167812 _____ (Conduit) C:\Users\April\AppData\Local\Temp\nsw2248.exe
2014-03-02 14:31 - 2014-03-02 14:31 - 004875800 _____ (AVG Technologies)
C:\Users\April\AppData\Local\Temp\oi_{423246A0-8A5A-42C2-AB5C-74E5917C02C3}.exe
2006-10-27 22:34 - 2006-10-27 22:34 - 000145184 ____R (Microsoft Corporation) C:\Users\April\AppData\Local\Temp\ose00000.exe
2013-11-14 20:23 - 2013-11-14 20:26 - 010053561 _____ () C:\Users\April\AppData\Local\Temp\{111308D0-B57F-4E86-B637-44951BF8699A}-31.0.1650.57_30.0.1599.101_chrome_updater.exe
Task: {ADBA19BB-BAF7-4A96-94D3-DC43A17404F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
EmptyTemp:

*****************

Processes closed successfully.
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42209d28-7bd7-11e4-922a-002564ebb2ec} => key removed successfully
HKLM\Software\Classes\CLSID\{42209d28-7bd7-11e4-922a-002564ebb2ec} => key not found.
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{891568d9-d17b-11e5-89c4-002564ebb2ec} => key removed successfully
HKLM\Software\Classes\CLSID\{891568d9-d17b-11e5-89c4-002564ebb2ec} => key not found.
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d285bb52-b60a-11e1-857e-002564ebb2ec} => key removed successfully
HKLM\Software\Classes\CLSID\{d285bb52-b60a-11e1-857e-002564ebb2ec} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} => key not found.
FF => Error: No automatic fix found for this entry.
HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
C:\Users\April\AppData\Local\Temp\AskSLib.dll => moved successfully
C:\Users\April\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\April\AppData\Local\Temp\fp_pl_pfs_installer.exe => moved successfully
"2012-01-27 19:15 - 2012-01-27 19:15 - 002376368 _____ (Google Inc.)" => not found.
C:\Users\April\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nsd5D95.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nsd7ADA.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nsi59BC.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nsn5BB0.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nsn7C9F.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nss7914.exe => moved successfully
C:\Users\April\AppData\Local\Temp\nsw2248.exe => moved successfully
"2014-03-02 14:31 - 2014-03-02 14:31 - 004875800 _____ (AVG Technologies)" => not found.
C:\Users\April\AppData\Local\Temp\oi_{423246A0-8A5A-42C2-AB5C-74E5917C02C3}.exe => moved successfully
C:\Users\April\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\April\AppData\Local\Temp\{111308D0-B57F-4E86-B637-44951BF8699A}-31.0.1650.57_30.0.1599.101_chrome_updater.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADBA19BB-BAF7-4A96-94D3-DC43A17404F8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADBA19BB-BAF7-4A96-94D3-DC43A17404F8} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 122192257 B
Java, Flash, Steam htmlcache => 38927 B
Windows/system/drivers => 3065312549 B
Edge => 0 B
Chrome => 161650956 B
Firefox => 372840996 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36092986 B
systemprofile32 => 60167930 B
LocalService => 132244 B
NetworkService => 859984 B
April => 543560311 B

RecycleBin => 20304105700 B
EmptyTemp: => 23 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:06:44 ====

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/26/17
Scan Time: 10:21 AM
Log File: 28c1ceae-ba72-11e7-b556-002564ebb2ec.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3102
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: April-PC\April

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330747
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 5 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{41564952-412D-5637-00A7-A758B70C2802}, Quarantined, [12405], [245530],1.0.3102

Registry Value: 1
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{41564952-412D-5637-00A7-A758B70C2802}|INSTALLSOURCE, Quarantined, [12405], [245530],1.0.3102

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
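
An added example, not part of the thread and not FRST's own code: a short Python triage of the result lines in the Fixlog posted above, separating completed actions from the entries the tool could not act on, including the fragments left where a fixlist entry appears split across two lines. The sample is abridged from the posted log; the outcome names and the rule that "not found" on a registry key or file path is informational are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample: result lines abridged from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42209d28-7bd7-11e4-922a-002564ebb2ec} => key removed successfully
HKLM\Software\Classes\CLSID\{42209d28-7bd7-11e4-922a-002564ebb2ec} => key not found.
FF => Error: No automatic fix found for this entry.
HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found => Error: No automatic fix found for this entry.
C:\Users\April\AppData\Local\Temp\fp_pl_pfs_installer.exe => moved successfully
"2012-01-27 19:15 - 2012-01-27 19:15 - 002376368 _____ (Google Inc.)" => not found.
C:\Users\April\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
"""

# A section banner such as "=========== EmptyTemp: ==========" ends the
# per-entry results; the lines after it are byte counts, not fix outcomes.
SECTION_RE = re.compile(r"^=+ .*=+$")
# Targets that name a real location: a registry hive or a drive path.
LOCATION_RE = re.compile(r"^(HK[A-Z]+(-x32)?\\|[A-Za-z]:\\)")


def classify(result):
    """Map the text after the last ' => ' to an outcome (names are this sketch's)."""
    r = result.strip().rstrip(".").lower()
    if r.startswith("error:"):
        return "error"
    if r.endswith("successfully"):
        return "done"
    if r.endswith("not found"):
        return "absent"
    return "other"


def parse_results(text):
    """Return (target, outcome) for each result line before the first section banner."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            break
        if " => " not in line:
            continue  # e.g. "Processes closed successfully."
        # Split on the LAST arrow: a fixlist entry can itself contain ' => '.
        target, result = line.rsplit(" => ", 1)
        entries.append((target, classify(result)))
    return entries


def summarize(entries):
    """Count entries per outcome."""
    return dict(Counter(outcome for _, outcome in entries))


def needs_review(entries):
    """Entries a helper should look at again before calling the fix complete."""
    flagged = []
    for target, outcome in entries:
        if outcome == "error":
            flagged.append((target, "no automatic fix applied"))
        elif outcome == "absent" and not LOCATION_RE.match(target):
            # 'not found' on text that is neither a key nor a path: the
            # fixlist line was only a fragment of an entry.
            flagged.append((target, "fragment of a split entry"))
    return flagged


if __name__ == "__main__":
    parsed = parse_results(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for target, reason in needs_review(parsed):
        print(f"REVIEW ({reason}): {target}")
```
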



#10 satchfan


Posted 26 October 2017 - 02:04 PM

Can you tell me if there are any outstanding problems?

You didn't answer that.

We'll run another scan and when you send the results can you please tell me how your computer is.

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Satchfan




#11 DuvallBuck


Posted 26 October 2017 - 03:09 PM

Emsisoft Emergency Kit - Version 2017.8
Last update: 10/26/2017 12:57:00 PM
User account: April-PC\April
Computer name: APRIL-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start:    10/26/2017 1:11:07 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DYNCONIE.DYNCONIEOBJECT     detected: Application.AdReg (A) [271706]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO     detected: Application.AdReg (A) [272387]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1     detected: Application.AdReg (A) [272388]

Scanned    74454
Found    3

Scan end:    10/26/2017 1:20:32 PM
Scan time:    0:09:25

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1     Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO     Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DYNCONIE.DYNCONIEOBJECT     Application.AdReg (A)

Quarantined    3
 

The computer seems to be working okay for me. My niece brought this to me and I did the normal things like update security releases for Windows, updated the virus protection and ran them.



#12 satchfan


Posted 26 October 2017 - 05:11 PM

Glad to hear that things are better.

You need to uninstall two programmes but first:

Delete the previous FRST log, fixlog.txt

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+C:
Start::
CloseProcesses:
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested

===================================================

Uninstall programs

Please uninstall these programmes:

Google Toolbar for Internet Explorer
Google Update Helper

===================================================

Please run FRST again and make sure there is a checkmark next to ‘Addition.txt’ before you hit Scan.

Logs to include with next post:

New Frst.txt
New Addition.txt


Thanks

Satchfan


Edited by satchfan, 27 October 2017 - 01:36 AM.



#13 DuvallBuck


Posted 27 October 2017 - 12:07 PM

I couldn't find the Google Update Helper to uninstall.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2017
Ran by April (27-10-2017 10:18:34)
Running from C:\Users\April\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-25 23:20:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-8038656-3629219085-2855119699-500 - Administrator - Disabled)
April (S-1-5-21-8038656-3629219085-2855119699-1000 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-8038656-3629219085-2855119699-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-8038656-3629219085-2855119699-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8180004F-8861-8051-87FE-C892A27A9AFB}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{79C4A62C-8CC2-44AC-91FE-1299A215B4B7}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{f5da837f-e932-4f55-995c-7e97c5cbebdd}) (Version: 1.2.98.29730 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.32.12 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.26.01 - Broadcom Corporation)
Budget Tracker Deluxe (HKLM-x32\...\{A4ECCC05-F645-412C-A77D-EF4F5E3234C2}) (Version: 1.0.0.0 - Avanquest North America Inc.)
ccc-core-static (HKLM-x32\...\{9481AC23-C241-79A2-C7AE-2AAF1568780A}) (Version: 2009.0625.1812.30825 - ATI) Hidden
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{F4330A8B-3610-4483-975E-69789B70A764}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
LG VZW United Drivers (HKLM-x32\...\{FF712194-6643-4E4D-A340-2D447A644F75}) (Version: 2.16.1 - LG Electronics)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive for Windows (HKLM-x32\...\{C96D82F1-6CB0-42C2-8ED3-C3DD739E0280}) (Version: 3.4.0 - OverDrive, Inc.)
PowerDVD (HKLM-x32\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Remote Desktop Connection (HKLM-x32\...\{82AE5DA6-4D28-40C2-BF21-9F2B90EF488E}) (Version: 5.1.2600.1106 - Microsoft)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Sesame Street - Learn, Play & Grow (HKLM-x32\...\{33785AE7-2203-4D93-B6B3-35B7CC3C4906}) (Version: 1.0.0.6 - Nova Development)
Sonic Activation Module (HKLM-x32\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-10-26] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-06-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2017-10-26] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C2D68F2-F8C8-49DC-862F-7D36E68F8E82} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HpWebReg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {5892FDA8-C9C7-43FD-8344-51DCF1DD736F} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {7D48ED29-D6C9-42F5-9DFE-645D90D5353E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81401AB2-80BC-4C44-A0BF-7F6B7FEFB32D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {87BECBC1-B299-4C32-96DC-AF48119C9FE8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {CE6BF4A8-6B47-4008-B294-E4BF2B9E26B8} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2017-10-26] (Avira Operations GmbH & Co. KG)
Task: {E76C3A5F-22AB-426B-A88A-DA593E74A4E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-12-11 10:15 - 2006-08-18 14:17 - 000049912 _____ () C:\Windows\system32\DLAAPI_W.DLL
2008-11-18 13:00 - 2008-11-18 13:00 - 000016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-01-26 06:50 - 2012-01-26 06:50 - 000270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-10-26 10:21 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-09-07 10:51 - 2017-10-18 16:27 - 047503472 _____ () C:\Users\April\AppData\Roaming\Spotify\libcef.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 000087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-07 10:51 - 2017-10-18 16:27 - 001584240 _____ () C:\Users\April\AppData\Roaming\Spotify\libglesv2.dll
2015-09-07 10:51 - 2017-10-18 16:27 - 000082032 _____ () C:\Users\April\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 74.40.74.40 - 74.40.74.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{438F5AA0-2818-45B3-8EAE-DE9BB42AFCB3}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{E76C2302-A890-4D32-841A-33D00A2A2F94}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{BB48C9D3-5ACA-4EB7-BEA6-A7EE1A8FB2E7}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6E65428C-B362-46B1-8236-57867474F00F}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A4479D37-7707-4692-A738-F1EF831E351E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{4F4CA793-B350-43AD-A577-E2FDBC10B575}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA64B02E-83FE-4C94-A32F-77B2CCBCDE22}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF9B0ED2-C167-4231-83CA-E8008D3A1484}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4ABA585-4713-4746-8DB6-20C6839A48B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7E9608D8-983F-4E0E-B622-07910A79D9E1}C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe] => (Block) C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
FirewallRules: [UDP Query User{FF8DF567-AC04-4CA7-8C4E-AEB81A98E8EC}C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe] => (Block) C:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe
FirewallRules: [{D705E7EB-1C82-480A-AA2B-2433EA625988}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{DE3D0915-34ED-4038-BEE4-C7E5FD38D477}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2EAC6CAA-1ED0-4969-A429-320C7EA69556}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5B53A0E-106B-47D3-B6F8-569E72999A17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4B60FCB-4342-4C80-AEDA-48B368A75998}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{65BCA811-2ED5-4AE7-B2D7-9972EC8497A0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A99E8F8B-7673-45D8-9E64-A2A58F3159A7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{AF6231DB-B3A3-42E3-BE0B-6983A2F93B95}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{526A1A82-1953-4BE9-A0F6-915DE929DBDF}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AC2D6C66-41BC-4F1E-9003-73672E3BB1A3}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D06A7F74-C670-4604-8174-A9B9B3FC3465}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7CBE05D7-1044-4ED1-9043-207889BC9E0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5EC9998-AABC-4E1C-982B-5B9703588306}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AD471BAB-C7B0-40F6-9087-38D1862527B5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4ED3383B-07DE-44D6-B16F-287CCE127EA6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{C77E9757-0DEF-4C23-A2CC-188E1007486F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-10-2017 11:07:26 Scheduled Checkpoint
25-10-2017 09:31:49 JRT Pre-Junkware Removal
25-10-2017 09:33:08 JRT Pre-Junkware Removal
26-10-2017 13:44:45 Windows Update
26-10-2017 14:59:36 Windows Update
27-10-2017 03:13:54 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2017 09:52:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13057

Error: (10/27/2017 09:52:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13057

Error: (10/27/2017 09:52:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2017 09:52:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12059

Error: (10/27/2017 09:52:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12059

Error: (10/27/2017 09:52:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2017 09:52:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11060

Error: (10/27/2017 09:52:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11060

Error: (10/27/2017 09:52:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2017 09:52:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10046


System errors:
=============
Error: (10/27/2017 10:13:46 AM) (Source: Application Popup) (EventID: 876) (User: )
Description: Driver DLACDBHE.SYS has been blocked from loading.

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/27/2017 10:12:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea RT Filters Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 31%
Total physical RAM: 6135.12 MB
Available physical RAM: 4208.82 MB
Total Virtual: 12268.42 MB
Available Virtual: 10006.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:578.89 GB) NTFS
Drive g: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E665C125)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 62.5 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
Ran by April (administrator) on APRIL-PC (27-10-2017 10:17:29)
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Spotify.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Roxio) C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [RoxioDragToDisc] => C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [MoneyAgent] => C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200767 2002-07-17] (Microsoft Corporation)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2017-10-18] (Spotify Ltd)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\...\Run: [Spotify] => C:\Users\April\AppData\Roaming\Spotify\Spotify.exe [6890608 2017-10-18] (Spotify Ltd)
HKU\S-1-5-21-8038656-3629219085-2855119699-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 74.40.74.40 74.40.74.41
Tcpip\..\Interfaces\{C3FE697E-1729-4C77-8EA1-BBF2BB1D7BF4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C8528867-5F5F-4659-9F1A-6C087A138284}: [DhcpNameServer] 74.40.74.40 74.40.74.41

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-8038656-3629219085-2855119699-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2200

FireFox:
========
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default [2017-10-27]
FF Homepage: Mozilla\Firefox\Profiles\sj2b0wcx.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\sj2b0wcx.default ->
FF Extension: (Avira Browser Safety) - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\sj2b0wcx.default\Extensions\abs@avira.com [2017-10-24]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\19.0.0.10 => not found
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-10-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-10-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1525240 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [194272 2017-10-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [151128 2017-10-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-10-26] (Avira Operations GmbH & Co. KG)
R2 DLABMFSE; C:\Windows\System32\DLA\DLABMFSE.SYS [44152 2006-08-18] (Roxio)
R2 DLABOIOE; C:\Windows\System32\DLA\DLABOIOE.SYS [41976 2006-08-18] (Roxio)
S1 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [15992 2006-08-11] (Roxio)
R2 DLADResE; C:\Windows\System32\DLA\DLADResE.SYS [10360 2006-08-18] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\DLA\DLAIFS_E.SYS [141432 2006-08-18] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\DLA\DLAOPIOE.SYS [33656 2006-08-18] (Roxio)
R2 DLAPoolE; C:\Windows\System32\DLA\DLAPoolE.SYS [18040 2006-08-18] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [39288 2006-08-11] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\DLA\DLAUDFAE.SYS [136952 2006-08-18] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\DLA\DLAUDF_E.SYS [143096 2006-08-18] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [122776 2006-07-21] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63608 2006-08-11] (Roxio)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-10-27] (Malwarebytes)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [24576 2014-05-27] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2014-05-27] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-05-27] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-27 10:17 - 2017-10-27 10:18 - 000012616 _____ C:\Users\April\Desktop\FRST.txt
2017-10-27 10:12 - 2017-10-27 10:12 - 000001266 _____ C:\Users\April\Desktop\Fixlog.txt
2017-10-27 09:22 - 2017-10-27 10:15 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-10-27 03:19 - 2017-10-27 03:19 - 000771088 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-10-26 15:05 - 2017-10-27 09:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-10-26 15:05 - 2017-10-26 15:06 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-10-26 15:05 - 2017-10-26 15:05 - 000002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-10-26 13:46 - 2017-04-27 15:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-10-26 13:46 - 2017-04-12 06:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-10-26 13:39 - 2015-01-08 20:14 - 000950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2017-10-26 13:39 - 2015-01-08 20:14 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2017-10-26 13:39 - 2015-01-08 20:14 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2017-10-26 13:39 - 2015-01-08 19:48 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2017-10-26 13:32 - 2016-07-22 07:58 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-10-26 13:32 - 2016-07-22 07:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-10-26 13:24 - 2016-04-08 21:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-10-26 13:24 - 2016-04-08 20:52 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-10-26 13:24 - 2016-03-09 12:00 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-10-26 13:24 - 2016-03-09 12:00 - 000396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-10-26 13:24 - 2016-03-09 11:54 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-10-26 13:24 - 2016-03-09 11:40 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-10-26 13:24 - 2016-03-09 11:40 - 000316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-10-26 13:24 - 2016-03-09 11:34 - 000216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-10-26 13:24 - 2013-08-27 18:12 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-10-26 13:24 - 2013-01-23 23:01 - 000223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2017-10-26 12:56 - 2017-10-26 12:56 - 000000000 ____D C:\ProgramData\Emsisoft
2017-10-26 12:55 - 2017-10-26 12:55 - 000001013 _____ C:\Users\April\Desktop\start emergency kit scanner - Shortcut.lnk
2017-10-26 12:53 - 2017-10-26 13:35 - 000000000 ____D C:\EEK
2017-10-26 12:37 - 2017-10-26 12:53 - 338397712 _____ C:\Users\April\Desktop\EmsisoftEmergencyKit.exe
2017-10-26 10:33 - 2017-10-26 10:33 - 000001469 _____ C:\Users\April\Desktop\Mbam.txt
2017-10-26 10:21 - 2017-10-26 10:21 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-10-26 10:21 - 2017-10-26 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-10-26 10:21 - 2017-10-26 10:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-10-26 10:21 - 2017-10-04 13:15 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-10-26 10:20 - 2017-10-26 10:20 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-26 10:19 - 2017-10-26 10:19 - 000000000 ____D C:\Users\April\AppData\Roaming\Sun
2017-10-26 10:11 - 2017-10-26 10:18 - 071535032 _____ (Malwarebytes ) C:\Users\April\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-10-26 10:04 - 2017-10-26 13:48 - 000003316 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2017-10-26 10:04 - 2017-10-26 10:04 - 000000000 ____D C:\Users\April\Desktop\FRST-OlderVersion
2017-10-26 10:03 - 2017-10-26 10:01 - 000064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-10-26 10:03 - 2017-10-26 10:01 - 000034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-10-25 09:47 - 2017-10-25 09:47 - 000000000 ____D C:\Users\April\Downloads\FRST-OlderVersion
2017-10-25 09:37 - 2017-10-25 09:37 - 000015573 _____ C:\Users\April\Desktop\JRT.txt
2017-10-25 09:32 - 2017-10-25 09:32 - 000003122 _____ C:\Windows\System32\Tasks\Avira SystrayStartTrigger
2017-10-25 09:23 - 2017-10-25 09:23 - 001790024 _____ (Malwarebytes) C:\Users\April\Downloads\JRT.exe
2017-10-24 18:01 - 2017-10-25 09:24 - 000000000 ____D C:\AdwCleaner
2017-10-24 17:59 - 2017-10-24 18:00 - 008250832 _____ (Malwarebytes) C:\Users\April\Downloads\adwcleaner_7.0.3.1.exe
2017-10-24 10:56 - 2017-10-27 10:17 - 000000000 ____D C:\FRST
2017-10-24 10:56 - 2017-10-26 10:04 - 002403328 _____ (Farbar) C:\Users\April\Desktop\FRST64.exe
2017-10-24 10:51 - 2017-10-24 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-10-24 10:51 - 2017-10-24 10:51 - 000000000 ____D C:\ProgramData\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-27 10:14 - 2015-09-07 10:51 - 000000000 ____D C:\Users\April\AppData\Local\Spotify
2017-10-27 10:14 - 2012-12-12 22:03 - 000000000 ____D C:\MDT
2017-10-27 10:13 - 2012-01-27 19:15 - 000000000 ____D C:\Program Files\Google
2017-10-27 10:13 - 2012-01-27 19:15 - 000000000 ____D C:\Program Files (x86)\Google
2017-10-27 10:13 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-27 10:10 - 2012-01-27 19:15 - 000000000 ____D C:\Users\April\AppData\Local\Google
2017-10-27 10:10 - 2012-01-27 19:15 - 000000000 ____D C:\ProgramData\Google
2017-10-27 09:30 - 2009-07-13 21:45 - 000015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-27 09:30 - 2009-07-13 21:45 - 000015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-27 09:28 - 2015-09-07 10:51 - 000000000 ____D C:\Users\April\AppData\Roaming\Spotify
2017-10-27 09:15 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\tracing
2017-10-27 03:20 - 2009-07-13 22:13 - 000796060 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-27 03:20 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2017-10-26 15:05 - 2012-02-05 12:13 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-10-26 15:05 - 2012-02-05 12:12 - 000000000 ____D C:\ProgramData\Adobe
2017-10-26 13:51 - 2009-07-13 22:08 - 000032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-26 13:12 - 2015-08-19 20:35 - 000000000 ____D C:\Users\April\Desktop\Magic Mike XXL (2015) 1080p HDRip  x264 AAC2 0-RARBG
2017-10-26 10:35 - 2014-08-07 10:43 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-10-26 10:35 - 2013-11-14 21:02 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-10-26 10:35 - 2012-01-27 19:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-26 10:34 - 2012-01-27 19:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-10-26 10:34 - 2012-01-27 19:15 - 000000000 ____D C:\Windows\system32\Macromed
2017-10-26 10:29 - 2013-12-23 22:39 - 000000000 ____D C:\ProgramData\Oracle
2017-10-26 10:21 - 2012-01-25 17:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-26 10:20 - 2013-12-23 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-26 10:20 - 2013-04-29 16:16 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-26 10:19 - 2013-12-23 22:39 - 000270912 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-10-26 10:19 - 2013-12-23 22:39 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-10-26 10:06 - 2014-04-12 14:18 - 000000000 ____D C:\Users\April\AppData\LocalLow\Temp
2017-10-26 10:04 - 2013-11-07 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-26 10:03 - 2012-02-05 12:14 - 000000000 ____D C:\Users\April\AppData\Local\Adobe
2017-10-26 10:01 - 2013-11-07 20:52 - 000194272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-10-26 10:01 - 2013-11-07 20:52 - 000151128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-10-26 10:01 - 2013-11-07 20:52 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-10-26 10:01 - 2013-11-07 20:52 - 000035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-10-25 09:33 - 2015-01-15 23:24 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-24 11:01 - 2012-02-05 12:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-10-24 10:52 - 2012-01-27 19:15 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-10-24 10:51 - 2015-11-09 19:20 - 000000000 ____D C:\Program Files\McAfee Security Scan
2017-10-24 10:51 - 2013-11-15 19:17 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2014-03-02 14:31 - 2014-06-02 09:00 - 000003748 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-01-19 18:44 - 2013-01-19 18:44 - 000003584 _____ () C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-26 19:50

==================== End of FRST.txt ============================



#14 satchfan


Posted 27 October 2017 - 04:02 PM

All looks fine apart from Google, which is a problem we have all the time - beats me why anyone uses it.

Chrome is a total nuisance and we have countless problems with it. I think that uninstalling the wretched program may be the best answer. You cannot remove some Chrome problems except with an uninstall/re-install of Chrome (even though Google have been aware of this since 2008 and haven't bothered to do anything about it).

Uninstall/Reinstall Google Chrome

First save all your bookmarks/favourites.

  • open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager
  • click on Organise and then select Export Bookmarks to HTML file, then choose Desktop to save it
  • again, click on the three bars in the top right hand corner and select Settings
  • in the list of Settings under “Sign in” click on Disconnect your Google Account – (if “Disconnect your Google Account” is not there, you will have to sign in using your Chrome username and password first to make it visible)
  • in the text of the next window click on “Google Dashboard” then, at the “Chrome sync” screen, click on Stop and Clear at the bottom
  • a box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step)
  • when confirmation appears close that page and then click on Disconnect account
  • shut Google Chrome, click on Start > Control Panel > Programs and Features (or Add/Remove Programs in XP) and uninstall Google Chrome. Select Everything for removal if asked.

Reboot the system and then reinstall Google Chrome from here

Repeat the process to reinstate your bookmarks by going to Bookmarks > Bookmarks Manager > Organise and select Import Bookmarks.

Let me know if you have any more problems.

I will be travelling tomorrow and have a long trip so may not answer so quickly but will check in at some point tomorrow and answer.

Goodnight, (GMT)

Satchfan




#15 DuvallBuck


Posted 27 October 2017 - 09:48 PM

Satchfan,

As far as I know this computer is working okay. However it is my niece's computer and I wasn't clear about what was wrong. She is even less computer literate than me. So her complaint was that it wasn't working right.

Alan





