Seems Slow


8 replies to this topic

#1 marcmeier

Posted 22 December 2016 - 08:55 PM

Hi, all, and compliments of the Season.

 

I haven't posted for literally years, but I'd appreciate a check on this laptop, which seems slow, given that it's a core i3, 2.4Ghz, 4 thread, 4Gb machine, running Win 7 Home Premium.  Mind you, I did get it from a family whose teenagers did some suspect downloads....

 

No rush, logs follow.

 

Cheers

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/23/16
Scan Time: 1:53 PM
Logfile: MBAM_Log.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.839
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: USER-PC\Administrator
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300635
Time Elapsed: 19 min, 1 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 1
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\BOOSTSPEED.EXE, Quarantined, [2025], [341835],1.0.839
 
Module: 31
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\RTL160.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\AXCOMPONENTSRTL.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\AXBROWSERS.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\AXCOMPONENTSVCL.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\COMMONFORMS.ROUTINE.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\DISKDEFRAGHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATPOPUPSHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\TASKSCHEDULERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ACTIONCENTERFORMS.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ADVISORHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\UNINSTALLMANAGERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\VCL160.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\TWEAKMANAGERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\COMMONFORMS.SITE.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\VCLIMG160.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\RESCUECENTERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATTOOLSSTDHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\REPORTHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\BOOSTSPEED.EXE, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ACTIONCENTERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\DEBUGHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATUPDATERSHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\VOLUMESHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATTOOLSEXTHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\LOCALIZER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SERVICESOPTIMIZATIONTOOL.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SPYWARECHECKERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\BROWSERCAREHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SYSTEMINFORMATIONHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\GOOGLEANALYTICSHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SQLITE3.DLL, Quarantined, [2025], [341835],1.0.839
 
Registry Key: 23
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\BCAgentCOM32.BCAgent32, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\TYPELIB\{F2C6F7D1-ED32-49E5-9919-CBF4ABB4456D}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A3310BE-83DD-4E80-AC51-997CA2BA1080}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\CLSID\{93469602-4134-4012-A6BC-F0AD1C3D66AB}\InprocServer32, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\DiskDoctorChecker.DiskChecker, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\APPID\{278029E0-2347-4254-A65E-204AC55E2508}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}\InprocServer32, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\TMAgentCOM.TMAgent, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\APPID\{93469602-4134-4012-A6BC-D46FF1C671E9}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\TYPELIB\{F2C6F7D1-ED32-49E5-9919-00DB857103B2}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\INTERFACE\{6855F0CE-00B1-483F-8633-33B650EE4310}, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\CLASSES\CLSID\{93469602-4134-4012-A6BC-D46FF1C671E9}\InprocServer32, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\AUSLOGICS\BoostSpeed, Quarantined, [2025], [341837],1.0.839
PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\AUSLOGICS\Disk Defrag, Quarantined, [2275], [350021],1.0.839
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp, Quarantined, [13420], [186948],1.0.839
 
Registry Value: 1
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp|PATH, Quarantined, [13420], [186948],1.0.839
 
Data Stream: 0
(No malicious items detected)
 
Folder: 19
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\IgnoredLists, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\Logs, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAMDATA\Auslogics\BoostSpeed, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x\Reports, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x\Data, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\PROGRAMDATA\Auslogics\Disk Defrag, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AUSLOGICS\BOOSTSPEED, Quarantined, [2025], [341834],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Setup, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Data, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\WINDOWS\SYSTEM32\TASKS\AUSLOGICS\BOOSTSPEED, Quarantined, [2025], [341836],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\AUSLOGICS\Disk Defrag, Quarantined, [2275], [350023],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Setup, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Data, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\PROGRAM FILES\AUSLOGICS\DISK DEFRAG, Quarantined, [2275], [350025],1.0.839
 
File: 147
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\RTL160.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\AXCOMPONENTSRTL.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\AXBROWSERS.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\AXCOMPONENTSVCL.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\COMMONFORMS.ROUTINE.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\DISKDEFRAGHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATPOPUPSHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\TASKSCHEDULERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\IgnoredLists\TRE_User.igl, Delete-on-Reboot, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\Logs\BoostSpeedLogic.log, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\Logs\InternetOptimizerStatistics.log, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\Logs\TweakManagerStatistics.log, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Auslogics\BoostSpeed\9.x\StatDB.json, Quarantined, [2025], [341833],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x\Data\giveaway.json, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x\Data\giveaway.png, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x\Reports\Disk_Defrag_Report.xml, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Auslogics\Disk Defrag\7.x\Reports\Disk_Defrag_Report.xslt, Quarantined, [2275], [350024],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ACTIONCENTERFORMS.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ADVISORHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\UNINSTALLMANAGERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\VCL160.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\TWEAKMANAGERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\COMMONFORMS.SITE.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\VCLIMG160.BPL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\RESCUECENTERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATTOOLSSTDHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\REPORTHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\BOOSTSPEED.EXE, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ACTIONCENTERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\DEBUGHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATUPDATERSHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\VOLUMESHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\ATTOOLSEXTHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\LOCALIZER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SERVICESOPTIMIZATIONTOOL.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SPYWARECHECKERHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\BROWSERCAREHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SYSTEMINFORMATIONHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\GOOGLEANALYTICSHELPER.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES\AUSLOGICS\BOOSTSPEED\SQLITE3.DLL, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\USERS\ADMINISTRATOR\DESKTOP\AUSLOGICS DISK DEFRAG.LNK, Quarantined, [2275], [350022],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\BoostSpeed\Auslogics BoostSpeed 9 on the Web.url, Quarantined, [2025], [341834],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\BoostSpeed\Auslogics BoostSpeed 9.lnk, Quarantined, [2025], [341834],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\BoostSpeed\Auslogics Rescue Center.lnk, Quarantined, [2025], [341834],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\deu.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\enu.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\esp.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\fra.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\ita.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\jpn.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Lang\rus.lng, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Setup\SetupCustom.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Data\Applications.dat, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Data\main.ini, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\Data\products.json, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\InternetOptimizer.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\InternetOptimizerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\ndefrg32.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\rdboot32.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\RegistryCleanerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\RegistryDefrag.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\RegistryDefragHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\RescueCenter.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\RescueCenterForm.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\SendDebugLog.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\ServiceManagerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\ShellExtension.ContextMenu.x32.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\ShellExtension.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\StartupManager.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\StartupManagerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\SystemInformation.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\TaskManager.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\BrowserCareHelper.Agent.x32.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\cdefrag.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\CommonForms.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskCleanerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskDoctor.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskDoctorChecker.x32.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskDoctorHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskExplorer.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskExplorerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskWipeHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DSSrcAsync.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DSSrcWM.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DuplicateFileFinder.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DuplicateFileFinderHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\EULA.rtf, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\FileRecovery.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\FileRecoveryHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\FileShredder.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\FreeSpaceWiper.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\DiskDefrag.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\GASender.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\TaskManagerHelper.Agent.x32.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\TaskManagerHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\TrackEraserHelper.dll, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\TweakManager.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\unins000.dat, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\unins000.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\unins000.msg, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Program Files\Auslogics\BoostSpeed\UninstallManager.exe, Quarantined, [2025], [341835],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Windows\System32\Tasks\Auslogics\BoostSpeed\Scan and Repair, Quarantined, [2025], [341836],1.0.839
PUP.Optional.AuslogicsBoostSpeed, C:\Windows\System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed \u00d0\u00ben Administrator logon, Quarantined, [2025], [341836],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag on the Web.url, Quarantined, [2275], [350023],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Auslogics Disk Defrag.lnk, Quarantined, [2275], [350023],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\Disk Defrag\Check Your PC Performance.url, Quarantined, [2275], [350023],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\deu.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\enu.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\esp.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\fra.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\ita.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\jpn.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Lang\rus.lng, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Data\main.ini, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Setup\SetupCustom.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\AxBrowsers.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\AxComponentsRTL.bpl, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\AxComponentsVCL.bpl, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\cdefrag.exe, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\CommonForms.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\CommonForms.Routine.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\CommonForms.Site.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\DebugHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\DiskCleanerHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\DiskDefrag.exe, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\DiskDefragHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\DiskWipeHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\EULA.rtf, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\GASender.exe, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\GoogleAnalyticsHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\Localizer.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\ndefrg32.exe, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\RegistryCleanerHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\ReportHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\rtl160.bpl, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\SendDebugLog.exe, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\ShellExtension.ContextMenu.x32.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\ShellExtension.ContextMenu.x64.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\ShellExtension.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\sqlite3.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\TaskSchedulerHelper.dll, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\unins000.dat, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\unins000.exe, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\unins000.msg, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\vcl160.bpl, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\vclimg160.bpl, Quarantined, [2275], [350025],1.0.839
PUP.Optional.AuslogicsDiskDefrag, C:\Program Files\Auslogics\Disk Defrag\VolumesHelper.dll, Quarantined, [2275], [350025],1.0.839
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016
Ran by Administrator (administrator) on USER-PC (23-12-2016 14:28:28)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: User & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\asulaunch.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-18] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKU\S-1-5-21-98737323-1009773367-2146176377-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-07] (Piriform Ltd)
HKU\S-1-5-21-98737323-1009773367-2146176377-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-98737323-1009773367-2146176377-500\...\MountPoints2: {0e91cbb5-c640-11e1-8409-806e6f6e6963} - D:\InstallNavi.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-12-18] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-03-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{0D0CB876-F40B-4BC1-9428-18C0018F1EC6}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{19CFF177-8682-4D94-B79E-390BEA650A8F}: [DhcpNameServer] 130.195.85.25 130.195.98.151
Tcpip\..\Interfaces\{76974BCF-D479-4C78-99DE-D0CD23B1B5C3}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-98737323-1009773367-2146176377-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
HKU\S-1-5-21-98737323-1009773367-2146176377-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-nz/?ocid=iehp
SearchScopes: HKU\S-1-5-21-98737323-1009773367-2146176377-500 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-98737323-1009773367-2146176377-500 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-18] (AVAST Software)
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-15] (Oracle Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-18]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-18]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
CHR RestoreOnStartup: Default -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp"
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-12-23]
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-31]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-18]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-18]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-23]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-31]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-12-18] (AVAST Software)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-21] (SEIKO EPSON CORPORATION)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-12-14] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-12-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-12-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-12-18] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [26776 2016-12-18] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [338936 2016-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-12-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-12-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-12-18] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2016-12-14] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2016-12-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [87496 2016-12-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2016-12-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219072 2016-12-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2016-12-23] (Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-23 14:28 - 2016-12-23 14:29 - 00014634 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-12-23 14:28 - 2016-12-23 14:28 - 00000000 ____D C:\FRST
2016-12-23 14:27 - 2016-12-23 14:26 - 01762816 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2016-12-23 14:25 - 2016-12-23 14:26 - 01762816 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2016-12-23 14:21 - 2016-12-23 14:21 - 00030448 _____ C:\Users\Administrator\Desktop\MBAM_Log.txt
2016-12-23 13:52 - 2016-12-23 14:20 - 00087496 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-23 13:52 - 2016-12-23 14:19 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-23 13:52 - 2016-12-23 14:19 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-23 13:52 - 2016-12-23 13:52 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-23 13:51 - 2016-12-23 14:19 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-23 13:47 - 2016-12-23 13:47 - 00002025 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-23 13:47 - 2016-12-23 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-23 13:46 - 2016-12-23 13:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-23 13:46 - 2016-12-23 13:46 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-23 13:46 - 2016-12-14 12:55 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2016-12-23 13:42 - 2016-12-23 13:42 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2016-12-23 13:38 - 2016-12-23 13:41 - 54199488 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-18 19:12 - 2016-12-18 19:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2016-12-18 18:43 - 2016-12-18 18:43 - 00001142 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2016-12-18 18:43 - 2016-12-18 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1
2016-12-18 18:43 - 2016-12-18 18:43 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-12-18 18:43 - 2015-08-11 12:22 - 02895360 _____ C:\Windows\system32\pwNative.exe
2016-12-18 18:43 - 2015-03-05 10:15 - 00017160 ____N C:\Windows\system32\pwdrvio.sys
2016-12-18 18:43 - 2015-03-05 10:15 - 00013064 ____N C:\Windows\system32\pwdspio.sys
2016-12-18 18:41 - 2016-12-18 18:42 - 32262960 _____ (MiniTool Solution Ltd. ) C:\Users\Administrator\Downloads\pwfree91.exe
2016-12-18 18:05 - 2016-12-18 18:06 - 00000000 ____D C:\Program Files\GUMEE26.tmp
2016-12-18 17:42 - 2016-12-18 17:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\CyberLink
2016-12-18 17:42 - 2016-12-18 17:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2016-12-18 17:15 - 2016-12-18 20:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-12-18 17:06 - 2016-12-18 17:06 - 00000000 ____D C:\Users\User\AppData\LocalLow\Sun
2016-12-18 15:37 - 2016-12-18 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-18 15:34 - 2016-12-18 15:31 - 00338936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-12-18 15:33 - 2016-12-18 21:10 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Games
2016-12-18 15:33 - 2016-12-18 14:01 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-18 15:31 - 2016-12-18 15:31 - 00026776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2016-12-18 15:30 - 2016-12-18 15:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-12-18 15:30 - 2016-12-18 15:30 - 00000000 ____D C:\Users\User\Tracing
2016-12-18 15:29 - 2016-12-18 15:29 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2016-12-18 15:27 - 2016-12-23 14:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-12-18 15:27 - 2016-12-18 15:27 - 00000000 ____D C:\Users\Administrator\Tracing
2016-12-18 15:26 - 2016-12-18 15:26 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-18 15:26 - 2016-12-18 15:26 - 00000000 ___RD C:\Program Files\Skype
2016-12-18 15:26 - 2016-12-18 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-18 15:26 - 2016-12-18 15:26 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-12-18 15:24 - 2016-12-18 15:24 - 01478616 _____ (Skype Technologies S.A.) C:\Users\Administrator\Downloads\SkypeSetup.exe
2016-12-18 14:44 - 2016-12-18 14:44 - 00000017 _____ C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2016-12-18 14:28 - 2016-12-23 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-12-18 14:27 - 2016-12-23 14:18 - 00000000 ____D C:\ProgramData\Auslogics
2016-12-18 14:27 - 2016-12-23 14:18 - 00000000 ____D C:\Program Files\Auslogics
2016-12-18 14:13 - 2016-12-18 14:13 - 00001133 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-18 14:13 - 2016-12-18 14:13 - 00001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-18 14:12 - 2016-12-18 14:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2016-12-18 14:02 - 2016-12-18 14:01 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-12-18 14:01 - 2016-12-18 14:01 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-18 13:39 - 2016-12-18 13:39 - 00000970 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-18 13:39 - 2016-12-18 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-18 13:39 - 2016-12-18 13:39 - 00000000 ____D C:\Program Files\CCleaner
2016-12-18 13:04 - 2016-12-18 13:04 - 00000000 ____D C:\Users\Administrator\Documents\EA Games
2016-12-18 13:03 - 2016-12-18 13:03 - 00000000 __RHD C:\Users\Administrator\AppData\Roaming\SecuROM
2016-12-18 12:43 - 2015-07-31 02:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-18 12:41 - 2016-12-18 12:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-18 12:39 - 2016-12-18 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Epson
2016-12-18 12:39 - 2016-12-18 12:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2016-12-18 12:38 - 2016-12-18 12:38 - 00109664 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-18 12:37 - 2016-12-18 12:38 - 00000000 ____D C:\Users\User\AppData\Local\Google
2016-12-18 12:37 - 2016-12-18 12:37 - 00001422 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-18 12:37 - 2016-12-18 12:37 - 00000020 ___SH C:\Users\User\ntuser.ini
2016-12-18 12:37 - 2016-12-18 12:37 - 00000000 _SHDL C:\Users\User\My Documents
2016-12-18 12:37 - 2016-12-18 12:37 - 00000000 _SHDL C:\Users\User\Documents\My Videos
2016-12-18 12:37 - 2016-12-18 12:37 - 00000000 _SHDL C:\Users\User\Documents\My Pictures
2016-12-18 12:37 - 2016-12-18 12:37 - 00000000 _SHDL C:\Users\User\Documents\My Music
2016-12-18 12:37 - 2016-12-18 12:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2016-12-18 12:37 - 2015-10-26 15:30 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2016-12-18 12:37 - 2013-06-25 21:43 - 00000000 ____D C:\Users\User\AppData\LocalGoogle
2016-12-18 12:37 - 2013-06-01 09:52 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2016-12-18 12:37 - 2013-04-06 23:23 - 00000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2016-12-18 12:37 - 2009-07-14 20:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Media Center Programs
2016-12-12 00:03 - 2016-12-12 00:03 - 00000000 ____D C:\0aa229004adfc9a5109411
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-23 14:26 - 2013-06-26 21:49 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-23 14:26 - 2013-06-26 21:49 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-23 14:26 - 2013-06-26 21:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-23 14:26 - 2013-04-06 23:19 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-23 14:26 - 2009-07-14 17:34 - 00016016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-23 14:26 - 2009-07-14 17:34 - 00016016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-23 14:18 - 2009-07-14 17:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-18 21:13 - 2012-07-31 22:08 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-98737323-1009773367-2146176377-1001UA.job
2016-12-18 21:13 - 2012-07-31 22:08 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-98737323-1009773367-2146176377-1001Core.job
2016-12-18 20:30 - 2012-07-04 21:15 - 00779128 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-18 20:30 - 2009-07-14 15:37 - 00000000 ____D C:\Windows\inf
2016-12-18 18:59 - 2009-07-14 17:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-12-18 18:24 - 2013-03-30 16:04 - 00002150 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 18:24 - 2013-03-30 16:04 - 00002138 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 15:27 - 2013-12-13 11:02 - 00000000 ____D C:\Users\Administrator
2016-12-18 15:26 - 2012-12-18 21:11 - 00000000 ____D C:\ProgramData\Skype
2016-12-18 14:23 - 2015-03-04 13:23 - 00000000 ____D C:\Program Files\Sony
2016-12-18 14:23 - 2014-02-28 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-12-18 14:04 - 2013-03-20 17:41 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-12-18 14:04 - 2012-07-05 09:10 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-12-18 14:04 - 2012-07-05 09:10 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-12-18 14:02 - 2014-04-27 16:40 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-12-18 14:02 - 2014-03-10 21:52 - 00118664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-12-18 14:02 - 2013-03-20 17:41 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-18 14:02 - 2012-09-05 21:19 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-18 14:02 - 2012-07-05 09:10 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-18 14:02 - 2012-07-05 08:56 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-18 14:00 - 2013-06-25 16:33 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-12-18 13:51 - 2013-02-14 18:01 - 00000000 ____D C:\Program Files\HP
2016-12-18 13:49 - 2014-02-28 15:43 - 00000000 ____D C:\Program Files\epson
2016-12-18 13:49 - 2014-02-28 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-12-18 13:42 - 2015-09-23 11:16 - 00000000 ____D C:\Windows\Minidump
2016-12-18 13:42 - 2012-07-05 15:23 - 00000000 ____D C:\Windows\Panther
2016-12-18 13:17 - 2014-02-28 15:41 - 00000000 ____D C:\Program Files\EPSON Software
2016-12-18 13:15 - 2012-07-05 08:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-18 13:12 - 2015-03-04 13:39 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-12-18 13:09 - 2009-07-14 17:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-18 13:04 - 2013-05-31 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-18 12:54 - 2012-07-05 08:56 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-18 12:36 - 2013-05-22 17:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-12-18 12:35 - 2013-06-09 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-18 12:02 - 2009-07-14 15:37 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2016-12-18 14:44 - 2016-12-18 14:44 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2013-02-14 18:00 - 2016-12-18 13:51 - 0004972 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\drm_dyndata_7400009.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Wi

#2 nasdaq

    Forum Deity

  • Global Moderator
  • 49,138 posts

Posted 23 December 2016 - 07:41 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Task: {4C38CCDF-4929-4EC2-A731-345C39E149BE} - \Auslogics\BoostSpeed\Start BoostSpeed ?n Administrator logon -> No File <==== ATTENTION
Task: {71197994-0A1B-4996-A81A-28F62D51B437} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION


Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.

=============

For your added security I suggest that you update the following programs.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com...d/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmic...java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.co...oads/index.html

How to disable Java in your browsers
http://www.infoworld...browsers-210882
===

ADOBE AIR

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/air/

==============


ADOBE READER
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

When the updates are completed and you have restarted the computer remove what remains of these versions via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
===

Please post the fixlog.txt and let me know what problem persists with this computer.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
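
A cross-check for the fixlist procedure in the post above, as an added example that is not part of nasdaq's post or of FRST itself: it compares each fixlist entry against the scan log, ignoring spacing differences, and lists log lines carrying a missing-target marker that the fixlist leaves out. The function names are hypothetical, and the sample text is constructed from lines quoted in this thread.

```python
import re

# Markers that appear in this thread's FRST output on entries whose target
# is missing or that the tool itself highlighted.
MARKERS = ("No File", "<not found>", "<==== ATTENTION")

# Fixlist lines that are control words rather than log entries
# (Start, End, CreateRestorePoint:, EmptyTemp:, CloseProcesses:, Reboot:).
DIRECTIVE = re.compile(r"^(Start|End|[A-Za-z]+:)$")

# Constructed sample: a few lines copied from the FRST log in the first post.
SAMPLE_FRST_LOG = r"""
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-18] (AVAST Software)
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
"""

# Constructed sample: a subset of the fixlist from the post above. The Task
# line does not occur in the FRST.txt excerpt posted in this thread.
SAMPLE_FIXLIST = r"""
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Task: {71197994-0A1B-4996-A81A-28F62D51B437} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION
Reboot:
End
"""


def norm(line):
    """Collapse whitespace so copies that differ only in spacing compare equal."""
    return " ".join(line.split())


def marker_of(line):
    """Return the first missing-target marker found in the line, or None."""
    for marker in MARKERS:
        if marker in line:
            return marker
    return None


def audit_fixlist(log_text, fixlist_text):
    """Return (entries, unlisted).

    entries:  one dict per non-directive fixlist line, recording whether the
              same line occurs in the log and which marker it carries.
    unlisted: marked log lines that the fixlist does not include.
    """
    log_lines = {norm(l) for l in log_text.splitlines() if l.strip()}
    entries = []
    for raw in fixlist_text.splitlines():
        line = norm(raw)
        if not line or DIRECTIVE.match(line):
            continue
        entries.append({
            "entry": line,
            "in_log": line in log_lines,
            "marker": marker_of(line),
        })
    listed = {e["entry"] for e in entries}
    unlisted = sorted(l for l in log_lines if marker_of(l) and l not in listed)
    return entries, unlisted


if __name__ == "__main__":
    entries, unlisted = audit_fixlist(SAMPLE_FRST_LOG, SAMPLE_FIXLIST)
    for e in entries:
        source = "in log" if e["in_log"] else "NOT in this log"
        print(f"[{source}] [{e['marker'] or 'no marker'}] {e['entry'][:70]}")
    for line in unlisted:
        print(f"[marked in log, not in fixlist] {line[:70]}")
```

An entry reported with no marker was a judgement call by the helper rather than an orphaned reference, and an entry not found in the log came from output not included in the text being compared.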

#3 marcmeier

    Fully Confused Member

  • Full Member
  • 141 posts

Posted 23 December 2016 - 10:40 PM

Thanks, Nasdaq

All done as requested. Initially OK, but back to 28% memory and 100% CPU usage. Log follows:

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by Administrator (24-12-2016 14:38:32) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: User & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> No File
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
Task: {4C38CCDF-4929-4EC2-A731-345C39E149BE} - \Auslogics\BoostSpeed\Start BoostSpeed ?n Administrator logon -> No File <==== ATTENTION
Task: {71197994-0A1B-4996-A81A-28F62D51B437} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION


Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" => key removed successfully.
HKCR\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => value removed successfully.
HKCR\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C38CCDF-4929-4EC2-A731-345C39E149BE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C38CCDF-4929-4EC2-A731-345C39E149BE}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Start BoostSpeed ?n Administrator logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71197994-0A1B-4996-A81A-28F62D51B437}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71197994-0A1B-4996-A81A-28F62D51B437}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Scan and Repair" => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5851285 B
Java, Flash, Steam htmlcache => 710 B
Windows/system/drivers => 153096270 B
Edge => 0 B
Chrome => 39138772 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 22965014 B
LocalService => 132244 B
NetworkService => 66812 B
User => 5305264 B
Administrator => 204348604 B

RecycleBin => 1763360 B
EmptyTemp: => 420.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:39:18 ====

#4 nasdaq

Posted 24 December 2016 - 07:41 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.
nasdaq


#5 marcmeier

Posted 09 January 2017 - 10:11 PM

Hi, Nasdaq

 

Hope you had a good break.  All done as requested, but seems to still max the CPUs out.  Will continue to monitor and give feedback.  <Edit>  Noted Avast! using heaps of CPU, uninstalled, AVG Free installed, much better (30% as I type) <End Edit> Zoek log:

 

 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Administrator on 10/01/17 at 15:23:26.88.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Administrator\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
10/01/17 15:24:56 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\Auslogics deleted successfully
C:\Program Files\epson deleted successfully
C:\Program Files\GUMEE26.tmp deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~2\Auslogics deleted successfully
C:\Users\Administrator\AppData\Local\ESET deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-98737323-1009773367-2146176377-500\Software\Microsoft\Internet Explorer\SearchScopes\{76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\Auslogics not found
C:\Program Files\epson not found
C:\Program Files\GUMEE26.tmp not found
C:\Program Files\VideoLAN not found
C:\Program Files\Conduit deleted
C:\PROGRA~2\Package Cache deleted
"C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}" deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
Auslogics\BoostSpeed deleted
Auslogics\BoostSpeed\Start BoostSpeed ?n Administrator logon deleted
avast Emergency Update deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [10/01/17 15:10]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.80
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
 
Chrome Media Router - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
 
==== Reset Google Chrome ======================
 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7AM97I0 will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=12 folders=13 6777914 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7AM97I0" not found
 
==== EOF on 10/01/17 at 16:02:40.06 ======================

Edited by marcmeier, 09 January 2017 - 10:53 PM.


#6 nasdaq

Posted 10 January 2017 - 07:42 AM

Keep me posted.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingc...best-practices/
nasdaq


#7 marcmeier

Posted 17 January 2017 - 11:46 PM

Hi, Nasdaq

 

Since AVG settled down, same symptoms.  Problem is that they vary enough to not be certain.  Please be patient and keep the topic open.

 

Thank you very much for the help so far.

 

Cheers, Marc



#8 nasdaq

Posted 18 January 2017 - 07:52 AM

If identified get the latest drivers.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.


http://www.bleepingc...th-secunia-psi/
nasdaq


#9 marcmeier

Posted 19 January 2017 - 08:27 PM

Thanks, Nasdaq

 

In progress.  Taking a long time.  

 

Seems that Internet page resolution is chewing processor and is certainly slow.  When at its worst, you can type, say, "and" and wait for about 10 seconds before the word appears.

 

Will get back to you.

 

Cheers, Marc





