Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't get my Windows 7 Computer to start...


  • Please log in to reply
6 replies to this topic

#1 KayT262

KayT262

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 19 July 2018 - 04:22 PM

Every time I try to start my computer it freezes on the start up window.  I followed the suggestion to use the Farbar Recovery Scan Tool, and the following is the FRST log it came back with. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by SYSTEM on MININT-F8UTUOO (19-07-2018 18:07:09)
Running from i:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [626792 2011-08-04] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [456224 2010-07-29] ()
HKU\Kaylynn\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-01] (DT Soft Ltd)
HKU\Kaylynn\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\Kaylynn\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\NS.exe [326160 2017-05-11] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160718.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-20] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160729.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-19] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-05-25] (hxxp://libusb-win32.sourceforge.net)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
S3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2016-09-22] (The OpenVPN Project)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160727.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160727.020\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-19 17:21 - 2018-07-19 18:07 - 000000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-27 06:21 - 2009-07-13 20:45 - 000016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-27 06:21 - 2009-07-13 20:45 - 000016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-27 06:17 - 2009-07-13 21:13 - 000783464 _____ C:\Windows\System32\PerfStringBackup.INI
2018-06-27 06:17 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-06-27 06:12 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2017-05-09 14:11] - [2017-04-17 07:37] - 000512000 _____ (Microsoft Corporation) 5E9F8D029D9B03110D835CBFC058068B
 
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 4040 MB
Available physical RAM: 3302.41 MB
Total Virtual: 4038.2 MB
Available Virtual: 3299.06 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:916.41 GB) (Free:543.36 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4 GB) NTFS
Drive i: (Lexar) (Removable) (Total:29.21 GB) (Free:29.21 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6F5BCF7D)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 29.2 GB) (Disk ID: D1CD3D33)
Partition 1: (Not Active) - (Size=29.2 GB) - (Type=0B)
 
LastRegBack: 2017-05-27 10:01
 
==================== End of FRST.txt ============================
 
If there is anything I can do to fix it I'd really appreciate the help. Thanks :)


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 AM

Posted 20 July 2018 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If possible restart the computer in Normal Mode.
If not possible try Safe Mode with Networking.

In either mode run the Farbar program and post a fresh FRST.TXt log

Before you scan the computer make sure that the box to create an Addition.txt file.

Please post both logs for my review.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 AM

Posted 26 July 2018 - 07:52 AM

Are you still with me?

#4 KayT262

KayT262
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 26 July 2018 - 10:36 PM

Yes I am, sorry it's taken me a while to get to this. I hope the following logs are what you are looking for.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Kaylynn (26-07-2018 22:52:26) Run:2
Running from G:\
Loaded Profiles: Kaylynn (Available Profiles: Kaylynn)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleads.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsapplication.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqleadsservice.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bbqquotes.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ContentExplorer.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutleads.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\donutquotes.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancer.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\internetenhancerservice.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaleads.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pastaquotes.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\theanswerfinder.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancer.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerApp.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WajamInternetEnhancerAppservice.exe" => removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wajaminternetenhancerservice.exe" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11629991 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 51254533 B
Edge => 0 B
Chrome => 330588801 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42377634 B
systemprofile32 => 6023474 B
LocalService => 66228 B
NetworkService => 153406 B
Kaylynn => 53721946 B
 
RecycleBin => 355168632 B
EmptyTemp: => 811.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:52:37 ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by Kaylynn (administrator) on ATHENA (26-07-2018 23:30:45)
Running from G:\
Loaded Profiles: Kaylynn (Available Profiles: Kaylynn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [626792 2011-08-04] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25624208 2017-11-10] (Google)
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\MountPoints2: {f3c4cd82-fb88-11e0-8403-c89cdc2c6ed3} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\MountPoints2: {f3c4cd91-fb88-11e0-8403-c89cdc2c6ed3} - I:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2011-10-20]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{21412A44-23C2-4C4D-8AE9-A0C6EE111C1F}: [DhcpNameServer] 198.18.0.1 198.18.0.2
Tcpip\..\Interfaces\{F4AC3D49-DB83-44E1-A37B-F2776B06C6BD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=fe7cfa8a-35ef-47e5-92f0-c3275fa49640&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate={installDate}
URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll => No File
BHO-x32: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll => No File
Toolbar: HKLM - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon [2017-05-21] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll [2014-01-28] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-07-03] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2011-10-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={7FCC6C1B-2F26-4789-BDC7-0834061DD6AD}&mid=510de57e62834d3288a11240f2708edf-be4aba4406c21a8be432f8abe0e45f99f7bcaf93&lang=en&ds=hk011&pr=sa&d=2012-09-16 21:22:04&v=12.2.5.34&sap=hp","hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=fe7cfa8a-35ef-47e5-92f0-c3275fa49640&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}","hxxp://websearch.calcitapp.info/","hxxps://ca.search.yahoo.com/?type=994519&fr=yo-yhp-ch"
CHR Profile: C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default [2018-07-26]
CHR Extension: (Google Drive) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-25]
CHR Extension: (YouTube) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (iCloud Bookmarks) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Kaylynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2375743890-838387748-3642122283-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Kaylynn\AppData\Local\Smartbar/Application\1Extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Kaylynn\AppData\Local\Temp\ccex.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\NS.exe [326160 2017-05-11] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160718.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-10-20] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160729.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2011-12-19] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2011-05-25] (hxxp://libusb-win32.sourceforge.net)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NSx64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
R3 tapipvanish; C:\Windows\System32\DRIVERS\tapipvanish.sys [34520 2016-09-22] (The OpenVPN Project)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160727.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20160727.020\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-26 22:46 - 2018-07-26 22:48 - 000061336 _____ C:\Windows\ntbtlog.txt
2018-07-19 21:21 - 2018-07-26 23:30 - 000000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-26 23:29 - 2009-07-14 01:13 - 000783464 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-26 23:29 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-07-26 22:52 - 2011-11-10 12:21 - 000000000 ____D C:\Users\Kaylynn\AppData\LocalLow\Temp
2018-07-22 16:47 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-22 16:07 - 2016-01-19 20:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-07-22 16:07 - 2016-01-19 20:43 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-07-22 16:07 - 2016-01-19 20:43 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-22 16:07 - 2011-07-11 13:54 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-22 16:07 - 2011-07-11 13:54 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-22 16:04 - 2016-06-23 00:20 - 000002046 _____ C:\Users\Public\Desktop\Google Slides.lnk
2018-07-22 16:04 - 2016-06-23 00:20 - 000002044 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2018-07-22 16:04 - 2016-06-23 00:20 - 000002034 _____ C:\Users\Public\Desktop\Google Docs.lnk
2018-07-22 16:04 - 2016-06-23 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-07-22 16:03 - 2009-07-14 00:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-22 16:03 - 2009-07-14 00:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-22 15:57 - 2016-06-23 00:20 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-22 15:57 - 2016-06-23 00:20 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2011-11-09 19:53 - 2012-09-04 21:00 - 000000539 _____ () C:\Users\Kaylynn\AppData\Roaming\Rim.Desktop.Exception.log
2011-11-09 19:45 - 2012-09-04 20:52 - 000002257 _____ () C:\Users\Kaylynn\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-11-09 19:53 - 2012-09-04 21:00 - 000000462 _____ () C:\Users\Kaylynn\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-04 21:00 - 2012-09-04 21:00 - 000000077 _____ () C:\Users\Kaylynn\AppData\Roaming\Rim.Transcoder.Exception.log
2011-11-20 20:56 - 2012-09-04 20:37 - 000008192 _____ () C:\Users\Kaylynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
 
LastRegBack: 2017-05-27 14:01
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Kaylynn (26-07-2018 23:32:40)
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-14 03:49:47)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2375743890-838387748-3642122283-500 - Administrator - Disabled)
Guest (S-1-5-21-2375743890-838387748-3642122283-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2375743890-838387748-3642122283-1003 - Limited - Enabled)
Kaylynn (S-1-5-21-2375743890-838387748-3642122283-1000 - Administrator - Enabled) => C:\Users\Kaylynn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Disabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-6bd744af-a5cc-4bc1-b4d1-5bb37ed3b31f) (Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auslogics BoostSpeed 9 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 9.1.1.0 - Auslogics Labs Pty Ltd)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-7da34a1c-f389-443a-b7aa-dffb0578b869) (Version: 2.2.0.95 - WildTangent) Hidden
BlackBerry Desktop Software 6.1 (HKLM-x32\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{97B70991-5002-4241-8B0C-D74B8ADEB2B5}) (Version: 7.1.0.32 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research In Motion Ltd.)
BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-f98cb7be-5f17-4c95-943e-09fcdeddec2c) (Version: 2.2.0.97 - WildTangent) Hidden
calibre (HKLM-x32\...\{B5D724AD-AC50-46B4-AAA7-62EF18F0CDFE}) (Version: 1.44.0 - Kovid Goyal)
Chronicles of Albian (HKLM-x32\...\WTA-4cb4e451-1339-4833-b3a4-53d7f0776b89) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-a2e13f19-5976-46c5-81e1-9a7f9f2cca0c) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
clear.fi (HKLM-x32\...\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}) (Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.7713 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1720.15 - CyberLink Corp.)
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.01.3500 - Acer Incorporated)
Cradle of Rome 2 (HKLM-x32\...\WTA-56872a61-1b7f-4876-a0d6-bb557a9d4247) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
Dora's World Adventure (HKLM-x32\...\WTA-c4f46fe2-a9df-4a50-96d0-90ab420edf58) (Version: 2.2.0.95 - WildTangent) Hidden
Easy Miner (HKLM-x32\...\Easy Miner) (Version: 1.1.8.20131013.12.00 - butterflylabs)
Final Drive: Nitro (HKLM-x32\...\WTA-a315ffb5-7b21-4cfd-9b34-ac6095f62eb0) (Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GEAR driver installer 4.019 (HKLM-x32\...\{7EEB72E4-2150-49F8-BC51-B63AF7B9E2F2}) (Version: 4.019.1 - GEAR Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-0a2b6e1a-4b0d-4a30-abf5-748680a229ef) (Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3504 - Acer Incorporated)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IPVanish (HKLM\...\A57226AD-BDAF-4860-BD4E-EDA6BC546189_is1) (Version: 3.0.8.0 - IPVANISH)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-3a9a3ae5-4ff7-4c46-8f54-eab1ff5f2a69) (Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.9.0 - Rakuten Kobo Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4927.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiMiner version 4.0.4 (HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\{A59A265F-E97D-4A84-8E78-E8C59EB861CE}_is1) (Version: 4.0.4 - Nate Woolls)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-465b48d7-1b85-4c95-906a-2afa4821db58) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Security (HKLM-x32\...\NS) (Version: 22.9.3.13 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Penguins! (HKLM-x32\...\WTA-4b6dab06-2c05-42f7-8887-d60da9d3bc78) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-55e42523-037a-4b66-b935-35eea6844f23) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-5cd66c37-91d8-4e0f-ab6d-ad520f400986) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-4b206497-d5c7-41aa-bc8c-ba7a79dfc759) (Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6242 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (HKLM-x32\...\WTA-101994a4-0cc4-4509-a1fc-7e7b5814a226) (Version: 2.2.0.97 - WildTangent) Hidden
TuneUp 2.5.0.1 (HKLM-x32\...\TuneUpMedia) (Version: 2.5.0.1 - TuneUp Media, Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-2e1315f6-4207-4dde-b9c2-3766274339b0) (Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3502 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E1}) (Version: 18.0.11023 - WinZip Computing, S.L. )
Zuma's Revenge (HKLM-x32\...\WTA-4d385420-418c-4e2e-8590-26ec3f0e2ccf) (Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2375743890-838387748-3642122283-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kaylynn\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-04-22] (Apple Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\NavShExt.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-01-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\NavShExt.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2011-04-02] (Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (Egis Technology Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-01-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\NavShExt.dll [2017-05-11] (Symantec Corporation)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2014-01-27] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {009DEE02-3551-4B16-BBAA-19E957A79329} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {0172A788-CCBF-4D42-B5F8-5F0409843317} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-03] (Adobe Systems Incorporated)
Task: {08A3273B-5D9E-48CA-A121-AA52B6C4E9AD} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMNMNMJJMJGMIMHMNJCNPMPMLMLMCNLMJJJMOMCNOJLMPMNJCNJJIMKMIMPMPMLJHMOMNJNJMJJNJICMIMCNIMCNLMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMMMIMGMJNHICMNJKIBJPMNMJNBJCMELOJGIDJGIBJBJJNKJCMJNNICMJNDJCMKJBJ"
Task: {0D4D4E9F-8507-4349-B5A6-6AE39F52A17C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {1AE8DEE6-47F2-48BD-A5FC-4959B210920E} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {23A0EA1D-F7B0-47CD-9F32-B9B9E2BD86D5} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {272E2169-CD61-4FF4-99A9-A6F99E2D9B2A} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {2A0329D8-CA36-44B0-BE6E-17F08CE1CF40} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-03-14] (Microsoft Corporation)
Task: {31F72696-887C-4C5D-AC1D-1B77652CE1D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {3840FD29-D373-4936-BE97-ED8130DA5D8D} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {393D2D01-286D-4D29-B07B-391247C03506} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\WSCStub.exe [2017-05-11] (Symantec Corporation)
Task: {3B91C2A6-85C7-4938-941E-11041713EB63} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-05-11] (Symantec Corporation)
Task: {44DE9E2F-CA37-43BF-A84B-6A72D25E2BA1} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {56297356-6592-4CF5-A0D9-52DE29033CBA} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {8F0114AB-2982-4F4A-BD89-69A706764796} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {AD0A48E6-03E9-419C-9F42-DE097D61B628} - \RocketTab -> No File <==== ATTENTION
Task: {AE165B51-9512-46BF-898D-C76B7AFC3633} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {B52DFA09-3031-4AA7-A28F-1D17D22E755C} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {B80AD4E8-1C37-439A-8F1A-622C5A878305} - System32\Tasks\Check for Scheduled Updates => C:\Users\Kaylynn\AppData\Local\b6123e3d-57c0-4663-a009-b5b2e169d96e\CheckUpdate.exe
Task: {C602F46A-8C5B-4140-A617-77711B57BAB3} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Kaylynn logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2016-12-19] (Auslogics)
Task: {CB32AA73-2302-47B9-B924-A8F94F780C05} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
Task: {DF0B5152-44D2-475E-A0C7-835CDCE8343A} - System32\Tasks\RunTool => C:\Users\Kaylynn\AppData\Local\c7f6d110-f996-40e5-bcb0-391f6cc710e8\sysad.exe <==== ATTENTION
Task: {E8ECE28A-F32B-4CD0-99F3-53D10033B6D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-22] (Adobe Systems Incorporated)
Task: {EC7DD32B-DEEC-4054-AEE6-BE13AB5DB21F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {FB38E21F-897B-4FB6-BEC1-94C0C1B26617} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Kaylynn\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
 
ShortcutWithArgument: C:\Users\Kaylynn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Netflix.lnk -> C:\ProgramData\OEM_E471269A730E\Netflix\StartURL.exe () -> hxxps://www.netflix.ca/?mqso=80028091
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-24 05:07 - 2017-01-31 08:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [226]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kaylynn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FD919115-9DB4-4EDA-8A6B-6E64E6F60EDF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F8185CC1-E9EE-4646-8A9E-96CE4FE14CB2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7D4176B6-DEE7-4B50-B495-1FF6CDE32964}] => (Allow) LPort=2869
FirewallRules: [{05C50E66-3034-46C0-B3FD-47BCBB29017D}] => (Allow) LPort=1900
FirewallRules: [{B912CF56-0A04-4F73-9DAD-8D535E79B031}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{08D057D4-A625-4B01-82DB-48A9A6EB562F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{6B0B6100-9340-408E-9238-71A62EFA0341}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{7B0DABD1-834C-4418-93CE-368231C7143B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C20EADAA-0450-4F86-87F1-458998EE7190}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{1C540342-9B1E-4D41-91E2-E1995AF98B2A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{EFCD64AE-684F-4FF1-A210-6DDE137929ED}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{E7012E5E-AC59-428E-BE21-FFB179793162}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F3E68B40-8348-46CC-A1FF-45B9FF3AE67A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{3962AC97-D459-4762-B845-325F734E8122}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{5E464E69-3E9A-44E7-A1C6-3F2F80DC7C0B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{CA4D94B3-5DA4-4A32-BAC3-E2CC2D8EB67B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BB095CE0-C05E-40AB-8666-A9F72354D58E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{EF6DB0CD-CBA8-4441-A91D-59B7EC17FFEC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{0197CD03-CB19-4986-AD7F-275FE8E3E9B7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{BF4BD976-DEEE-43CA-BC5C-8742E3DCE690}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{1152E2AC-BA92-4FA1-A089-23568783F4D3}] => (Allow) LPort=4481
FirewallRules: [{DB98BB33-7762-4E34-BE65-9777AD0F7232}] => (Allow) LPort=4481
FirewallRules: [{D7373E3C-7245-460A-BF01-E1A6133371C3}] => (Allow) LPort=4482
FirewallRules: [{776D6920-5156-49B2-847C-02BC531CC5AF}] => (Allow) LPort=4482
FirewallRules: [{C62F913A-2BD8-478B-B798-42D4D1DB67D4}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C77A3082-2D34-4FF5-9060-4C4716BD7049}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{DA13CF45-E596-4E6E-96BA-C956FEE8D85C}] => (Allow) C:\Users\Kaylynn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{38845F56-36F6-429C-A6AE-1C6B7C6C0049}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{39455400-80AF-403D-A050-826B9797951E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DCE07865-1C9F-4070-8069-BD00A38A2518}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30294A25-FCC1-46D2-8D3D-9F69FE382FB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{004103A4-E04D-47BF-9FDC-20FF843FF568}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{126FA96A-9FEA-4E99-8A86-D89EA0395EC1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E92A664F-55C6-487E-B406-61EBE2514DCA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C3D5997B-3426-4576-A355-D726F8C4C856}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8A1C1410-5D60-43E6-B82E-DC2DA99DECF5}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{E602F942-B332-4253-8AF8-E3B1776B50BF}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6F83FCEA-11AD-4489-9F8A-F32429D2EF44}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/26/2018 11:29:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/26/2018 10:47:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/22/2018 04:07:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (07/22/2018 04:06:06 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: The job is not making progress.  The server may be misconfigured.  Background Intelligent Transfer Service (BITS) will try again later.
 ErrorCode: 14007(0x36b7).
 
Error: (07/22/2018 04:48:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/06/2018 12:35:40 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (07/04/2018 04:26:02 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (06/27/2018 10:23:13 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
System errors:
=============
Error: (07/26/2018 11:30:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:30:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:30:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:30:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:30:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:30:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:30:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (07/26/2018 11:29:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
 
Windows Defender:
===================================
Date: 2017-08-28 18:02:13.617
Description: 
%1 engine has been terminated due to an unexpected error.
Failure Type:%5
Exception code:%6
Resource:%3
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 18%
Total physical RAM: 4040 MB
Available physical RAM: 3278.45 MB
Total Virtual: 8078.19 MB
Available Virtual: 7372.36 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:916.41 GB) (Free:543.58 GB) NTFS
Drive g: (Lexar) (Removable) (Total:29.21 GB) (Free:29.2 GB) FAT32
 
\\?\Volume{0c758045-c480-11e0-a1be-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{0c758044-c480-11e0-a1be-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:15 GB) (Free:4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6F5BCF7D)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 29.2 GB) (Disk ID: D1CD3D33)
Partition 1: (Not Active) - (Size=29.2 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
Thank you so much for looking into this for me!


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 AM

Posted 27 July 2018 - 07:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If you installed these applications and want to keep them it's your call.

To remove these programs in bold via the Control Panel > Programs > Programs and Features.
Easy Miner (HKLM-x32\...\Easy Miner) (Version: 1.1.8.20131013.12.00 - butterflylabs)
MultiMiner version 4.0.4 (HKU\S-1-5-21-2375743890-838387748-3642122283-1000\...\{A59A265F-E97D-4A84-8E78-E8C59EB861CE}_is1) (Version: 4.0.4 - Nate Woolls)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=fe7cfa8a-35ef-47e5-92f0-c3275fa49640&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate={installDate}
URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll => No File
BHO-x32: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll => No File
Toolbar: HKLM - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll No File
Toolbar: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={7FCC6C1B-2F26-4789-BDC7-0834061DD6AD}&mid=510de57e62834d3288a11240f2708edf-be4aba4406c21a8be432f8abe0e45f99f7bcaf93&lang=en&ds=hk011&pr=sa&d=2012-09-16 21:22:04&v=12.2.5.34&sap=hp","hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=fe7cfa8a-35ef-47e5-92f0-c3275fa49640&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}","hxxp://websearch.calcitapp.info/","hxxps://ca.se... (long line)
CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Kaylynn\AppData\Local\Smartbar/Application\1Extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Kaylynn\AppData\Local\Temp\ccex.crx <not found>
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [226][/B]

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Can you now boot in Normal Mode?

What issues are still pending?

#6 KayT262

KayT262
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 27 July 2018 - 07:59 PM

I uninstalled those programs as you suggested and here is the fixlog.txt from the last steps you posted. It took a while, but it finally started normally and seems to be fine. Thank you so much for all your help!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Kaylynn (27-07-2018 17:53:12) Run:3
Running from G:\
Loaded Profiles: Kaylynn (Available Profiles: Kaylynn)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=fe7cfa8a-35ef-47e5-92f0-c3275fa49640&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate={installDate}
URLSearchHook: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll No File
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll => No File
BHO-x32: Linkury SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Vuze Remote Toolbar -> {ba14329e-9550-4989-b3f2-9732e92d17cc} -> C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll => No File
Toolbar: HKLM - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Linkury Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll No File
Toolbar: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Toolbar: HKU\S-1-5-21-2375743890-838387748-3642122283-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={7FCC6C1B-2F26-4789-BDC7-0834061DD6AD}&mid=510de57e62834d3288a11240f2708edf-be4aba4406c21a8be432f8abe0e45f99f7bcaf93&lang=en&ds=hk011&pr=sa&d=2012-09-16 21:22:04&v=12.2.5.34&sap=hp","hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=fe7cfa8a-35ef-47e5-92f0-c3275fa49640&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}","hxxp://websearch.calcitapp.info/","hxxps://ca.se... (long line)
CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Kaylynn\AppData\Local\Smartbar/Application\1Extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Kaylynn\AppData\Local\Temp\ccex.crx <not found>
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [226][/B]
 
Reboot:
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => not found
"HKU\S-1-5-21-2375743890-838387748-3642122283-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2375743890-838387748-3642122283-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => removed successfully
HKLM\Software\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => removed successfully
"HKLM\Software\Classes\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => not found
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}" => removed successfully
"HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => not found
"HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC}" => removed successfully
HKLM\Software\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => not found
"HKU\S-1-5-21-2375743890-838387748-3642122283-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A}" => removed successfully
"HKLM\Software\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk" => removed successfully
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 17:53:22 ====


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:26 AM

Posted 28 July 2018 - 06:37 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users