Computer runs very slow and I am unable to do most anything


  • This topic is locked
21 replies to this topic

#1 JoeFixes

Posted 12 November 2016 - 05:08 PM

Hi Guys,

It has been a while since I have been here. I have been asked to work on a friend's laptop and frankly I do not know where to begin. It is extremely slow to do anything. I am also not able to boot into safe mode. I can get to a desktop but not even able to access my home wifi. When I tap the HOME button, about 15 minutes later the window pops up. If I try to type it takes about 5-10 minutes for each letter. It would seem to make sense to download a program onto a USB stick from another computer and try to run it. Or probably to boot from a USB stick that is loaded with software prepared for battle, but I am not sure which program to use. I would be happy to run the typical scans to find the problem, but as you can see, I clearly cannot do that right now.

Any thoughts would be greatly appreciated.

Thank you

JoeFixes


JoeFixes
(But only if its Broke)

#2 TheJoker

Posted 13 November 2016 - 06:43 PM

Hi JoeFixes, and welcome back.

You could run some software from a USB or flash drive, but if you wanted to do that, due to the risk of spreading an infection through a USB drive, a more secure method would be to copy programs to CD or DVD as they could not be infected.

I'd like to start though by booting from a CD/DVD if the laptop has one (or a USB drive, although it's not as secure) and running a LINUX based antivirus program, but first I'd like to get some basic information about the laptop.

What version of Windows is it?
Is it 32 or 64 bit Windows?
Does it have a CD/DVD drive, or only USB for an external media choice?
What brand/model is it?

What browsers are installed?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#3 TheJoker

Posted 13 November 2016 - 06:56 PM

And also, what is it using for an antivirus program, and what is it using for a firewall?




#4 JoeFixes

Posted 13 November 2016 - 07:55 PM

Hello Joker,

I have a bit of an update. As I was waiting, I was still trying to boot into SAFE mode. As the file names scrolled down, I noticed it got hung up on avgidsha.sys. I tried googling that file name and found several entries showing that this file is related to AVG Anti-Virus (which is installed) and some people have had success by changing the boot system through the BIOS. So I went into the BIOS and changed the boot system from AHCI to COMPATIBILITY and after that I was able to boot into SAFE mode and get a few things done. The first thing I did was uninstall AVG and I was successful. Next I tried downloading a few tools to get some scans in. I was able to get a successful MBAM scan, as well as FRST and RGSA. I tried to run the ESET online scanner twice but was unsuccessful both times. Additionally, whenever I am NOT in safe mode...doing anything is laborious and I am able to get more done in SAFE mode.

Here are the scans I was able to run:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Brian (administrator) on BRIAN-PC (13-11-2016 19:11:53)
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-11-05] (LogMeIn, Inc.)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724536 2012-04-22] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-06] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-04-01]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-11-13]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-05]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  /sync /restart /sync /restart /sync /restart /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{27928045-3172-4B5B-BBB0-EB818E9234DD}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{32575458-8D64-4A36-B186-E622808A77C6}: [DhcpNameServer] 192.168.4.1
Tcpip\..\Interfaces\{E86B7EDA-8FE5-4CDF-9F40-59D5B06A6AE0}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/?cid=C001B2Y
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={09DDD402-1B13-456B-B676-48992E49D06C}&mid=fde33345580047d182d5d16f2a06b44d-2337b176af3137f7f0dbaa17668946dc2600574b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 06:20:55&v=4.1.0.411&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> DefaultScope {FF768E86-06D2-4E2D-8CA0-35EF6BCB6109} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS472
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={09DDD402-1B13-456B-B676-48992E49D06C}&mid=fde33345580047d182d5d16f2a06b44d-2337b176af3137f7f0dbaa17668946dc2600574b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-11 06:20:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {FF768E86-06D2-4E2D-8CA0-35EF6BCB6109} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS472
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.5.160\AVG Web TuneUp.dll [2016-09-27] (AVG)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
Toolbar: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-10-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-10-06] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-11] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default [2016-09-27]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-13]
CHR Extension: (Skype) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-11-01] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-11-01] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-11-05] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2015-11-06] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
S2 vToolbarUpdater40.3.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.5\ToolbarUpdater.exe [1349704 2016-09-27] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-06] ()
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 ebdrv; C:\windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-11-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-13 19:11 - 2016-11-13 19:12 - 00018949 _____ C:\Users\Brian\Desktop\FRST.txt
2016-11-13 19:11 - 2016-11-13 19:11 - 00000000 ____D C:\FRST
2016-11-13 19:10 - 2016-11-13 19:11 - 00001090 _____ C:\Users\Brian\Desktop\SALog.txt
2016-11-13 11:02 - 2016-11-13 11:03 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 11:02 - 2016-11-13 11:02 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-13 11:02 - 2016-11-13 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-13 11:01 - 2016-11-13 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-13 11:01 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-11-13 11:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-11-13 00:11 - 2016-11-13 00:11 - 00001106 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-11-13 00:11 - 2016-11-13 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-11-13 00:05 - 2016-11-13 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-11-13 00:05 - 2016-11-13 00:02 - 00001066 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-11-13 00:00 - 2016-11-13 00:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-11-13 00:00 - 2016-11-13 00:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-11-12 23:52 - 2016-11-12 23:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-12 23:51 - 2016-11-12 23:51 - 02411520 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe
2016-11-12 23:51 - 2016-11-12 23:51 - 00899072 _____ C:\Users\Brian\Desktop\RGSA.exe
2016-11-12 23:48 - 2016-11-12 23:49 - 22851472 _____ (Malwarebytes ) C:\Users\Brian\Desktop\mbam-setup-2.2.1.1043.exe
2016-11-12 23:47 - 2016-11-12 23:47 - 00000000 ____D C:\Users\Brian\AppData\Local\ESET
2016-11-12 23:20 - 2016-11-12 23:20 - 00001899 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-11-12 23:03 - 2016-11-12 23:03 - 00000000 ____D C:\Users\Brian\AppData\Local\VS Revo Group
2016-11-12 23:02 - 2016-11-12 23:02 - 00001088 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-11-12 23:02 - 2016-11-12 23:02 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-11-12 23:02 - 2016-11-12 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-11-12 23:02 - 2016-11-12 23:02 - 00000000 ____D C:\Program Files\VS Revo Group
2016-11-12 23:02 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2016-11-12 22:34 - 2016-11-12 23:37 - 00000000 ____D C:\Users\Brian\AppData\Local\AvgSetupLog
2016-11-12 17:42 - 2016-11-12 17:42 - 00006640 ____N C:\bootsqm.dat
2016-11-12 16:33 - 2016-11-12 16:48 - 00000000 _____ C:\Users\Brian\AppData\Local\{0FA46704-3A9C-44EF-8E01-E34777B63718}
2016-11-01 10:59 - 2016-11-12 23:47 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-13 19:10 - 2014-01-02 11:18 - 01547794 _____ C:\windows\ntbtlog.txt
2016-11-13 11:02 - 2014-01-03 21:22 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes
2016-11-13 11:02 - 2014-01-03 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-13 10:58 - 2012-02-23 14:30 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-13 10:54 - 2012-02-23 16:18 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Skype
2016-11-13 10:54 - 2012-02-23 14:30 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-13 10:05 - 2012-10-23 05:44 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-11-13 09:39 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-13 09:39 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-13 09:31 - 2009-07-14 00:13 - 00783464 _____ C:\windows\system32\PerfStringBackup.INI
2016-11-13 09:31 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-11-13 09:25 - 2014-01-22 12:25 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-13 09:23 - 2012-02-23 14:37 - 00000000 ____D C:\ProgramData\Norton
2016-11-13 09:23 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-11-13 08:46 - 2012-05-01 09:33 - 00000000 ____D C:\ProgramData\LogMeIn
2016-11-12 23:47 - 2013-09-16 10:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-12 23:40 - 2011-08-07 21:01 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-12 23:38 - 2016-07-08 10:03 - 00000000 ____D C:\ProgramData\Avg
2016-11-12 23:38 - 2012-03-04 08:54 - 00000000 ____D C:\Program Files (x86)\AVG
2016-11-12 23:36 - 2012-02-23 14:37 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-11-12 23:34 - 2015-09-11 15:16 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-11-12 23:20 - 2011-08-07 21:04 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-11-12 23:20 - 2011-08-07 21:01 - 00000000 ____D C:\Program Files\TOSHIBA
2016-11-12 23:10 - 2009-07-14 00:08 - 00032590 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-11-12 23:09 - 2015-09-11 15:02 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-12 23:09 - 2012-03-04 08:51 - 00000000 ____D C:\ProgramData\MFAData
2016-11-12 23:07 - 2012-10-23 05:44 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-11-12 23:06 - 2012-05-03 06:18 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-11-12 23:06 - 2012-05-03 06:18 - 00000000 ____D C:\windows\system32\Macromed
2016-11-12 23:06 - 2011-08-07 21:07 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-12 23:06 - 2011-08-07 21:07 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-11-01 10:47 - 2012-05-01 09:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-11-01 10:45 - 2012-05-01 09:33 - 00122400 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2016-11-01 10:45 - 2012-05-01 09:33 - 00107520 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll

==================== Files in the root of some directories =======

2015-09-11 14:46 - 2015-09-11 14:46 - 6420480 _____ () C:\Program Files (x86)\GUT1DCD.tmp
2015-09-23 12:57 - 2015-09-23 12:57 - 6420480 _____ () C:\Program Files (x86)\GUT7E17.tmp
2016-11-12 16:33 - 2016-11-12 16:48 - 0000000 _____ () C:\Users\Brian\AppData\Local\{0FA46704-3A9C-44EF-8E01-E34777B63718}
2012-09-24 11:52 - 2012-09-24 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\3i8j698u.dll
C:\Users\Brian\AppData\Local\Temp\avguirn_081158605785.exe
C:\Users\Brian\AppData\Local\Temp\avguirn_08481191442.exe
C:\Users\Brian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-30 19:20

==================== End of FRST.txt ============================

Result of Security Analysis by Rocket Grannie (x86) Updated: 13th November, 2016
Running from:C:\Users\Brian\Desktop (19:10:55 - 11/13/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - Not Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 23.0.0.162) is *out of Date*
Adobe Flash Player 23 ActiveX (version 23.0.0.205)
Adobe Reader XI (version 11.0.18)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)
Safari (version 5.1)

Google Chrome (version 53.0.2785.143) is *out of Date*
Windows Live Essentials (version 15.4.3538.0513) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*

***----------------Analysis Complete-------------------------***
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/13/2016
Scan Time: 11:03 AM
Logfile: mbam111216.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.13.05
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393140
Time Elapsed: 1 hr, 44 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Hopefully the data here will answer a lot of your questions. 

 

Thank you for your help.

 

 

JoeFixes


JoeFixes
(But only if it's Broke)

#5 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 13 November 2016 - 08:03 PM

Joker,

 

To answer your second question. I removed the AVG that was in there, there were also some remnants of Norton and McAfee that I removed as well. But I am one of those guys that is not always convinced that EVERYTHING is removed when you uninstall. So I wouldn't be surprised if something was lingering. I also notice that when I search, I get a second tab opening up with mysearch.avg.com which tells me that AVG takes over a bit more than just virus monitoring.

 

Did you have any other bits of information that I have not answered? Oh! Yes... it does have a CD drive. And the laptop is a Toshiba Satellite C655-S5307.

 

Thank you

 

JoeFixes


JoeFixes
(But only if it's Broke)

#6 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,477 posts

Posted 14 November 2016 - 12:58 AM

Please also post the contents of Addition.txt that was created by Farbar Recovery Scan Tool (FRST). It should be on the Desktop.



MS MVP 2009-20010 and ASAP Member since 2005


#7 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • 589 posts

Posted 14 November 2016 - 07:20 AM

Sure thing... see below:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Brian (13-11-2016 19:13:03)
Running from C:\Users\Brian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-23 19:15:12)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-152007853-4061909777-1835481588-500 - Administrator - Disabled)
Brian (S-1-5-21-152007853-4061909777-1835481588-1001 - Administrator - Enabled) => C:\Users\Brian
Guest (S-1-5-21-152007853-4061909777-1835481588-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-152007853-4061909777-1835481588-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.5.160 - AVG Technologies)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.53 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom ™ 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{94C8D443-1D07-4E6D-A9EB-FDBA45A839D8}) (Version: 1.5.2.228 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.2.228 - Kaspersky Lab) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{F099EA75-A298-4A13-93CB-D2446436B137}) (Version: 4.1.3888 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D722F8D7-29C3-4F3B-97D7-D77BDAF319FD}) (Version: 1.3.2335 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.3.00.04221 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{29E4D7C0-46E9-4E1E-B8CC-57E078B79881}) (Version: 2.0.0.0 - Husdawg, LLC)
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05664C18-4DF0-49E3-ABDF-900C6B04028E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {77E747EB-288C-4B2B-B1F0-F0FC8762C6FE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {8C078CD9-2B69-478E-8489-D8AA9C8DDC50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {BAB9037B-7F00-44BF-BCB6-41F2D8BC92F7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {CA76762B-2D82-4931-9CAE-B9F299C6484A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-12] (Adobe Systems Incorporated)
Task: {CB85E796-72C1-473C-B147-EF95D1800DBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {CC6D8AD8-2A1A-472F-A212-1E73D5E0154E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {E1D4333C-824A-4C1B-982C-A30B9C70C110} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {EE7510BF-C476-42DE-A555-034C8F883549} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {F00A6B61-5908-4569-8DCC-F8EC4AB039C6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-152007853-4061909777-1835481588-1001\...\lpl.com -> lpl.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-09-26 13:50 - 00000062 ____N C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FEA3FF5F-3E7D-43CF-914D-8509667189A8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{20C79ECC-8E12-4929-93ED-11956D570C93}] => (Allow) LPort=2869
FirewallRules: [{2B01C89C-0B5A-4CA8-A4C3-0A5A41AF3A78}] => (Allow) LPort=1900
FirewallRules: [{E045C595-59F3-41CB-8760-EBEB2BB54159}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C74242D4-BCCB-488E-8023-D0BAA5595511}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{85D01688-FC6F-4C09-B1A7-35C4A0F799BA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EF8827B6-C641-42CB-9320-BFB5D8766090}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{BAA5C14D-5F23-4E29-8236-66556A9AFD62}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BF3568AF-39B5-4BFE-A2BE-D48E8C9B4CA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E8F0E641-9B8D-4FDF-B284-2E792EDA2301}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [TCP Query User{66581F15-E208-4E34-9B6D-FEED8ED58BC6}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{1462DE06-5074-4436-A1C4-9E2F64E37B08}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{159CA941-8C8E-40F9-A229-691E14525E74}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4AFF48B8-3C74-42C1-A990-AF9DB4646359}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{29607504-F8FC-45F3-BB5D-B00388ED819D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{EAB81ADD-FFA5-4DB7-80BA-3DB7FC0103C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{FDAD3A97-6F72-41FB-BEE5-85EE95947DA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0523E514-4014-4C70-986B-37EDE8E5006D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{625B1613-9A21-48F2-91B8-A2D9E2273547}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E9B3AFC9-9E06-4489-98FF-D26A8D584AA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7C54AB2-5DF1-4D0E-A500-B17B0F5C9E32}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{29D5175F-B78C-4C0F-8C6F-CAFC2646D347}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A60423B9-82C5-4CAA-A6C6-D0656B8D7E45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{425E65FA-E8F2-4D4F-8AD4-067B246CE777}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4D072BB9-1F8B-4A82-9BDD-A49E18308521}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5D7E2F8B-441D-4D53-A37C-F65C26360AFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D5F83DE0-8852-4CD8-AF26-CE3589EB648B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{8A6CCE3B-FC60-4BF3-AD75-8CB73B61FD73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-11-2016 23:41:08 Removed Java 7 Update 55 (64-bit)

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2016 11:01:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2016 09:25:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/13/2016 08:46:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10328889

Error: (11/13/2016 08:46:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10328889

Error: (11/13/2016 08:46:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:46:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10327891

Error: (11/13/2016 08:46:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10327891

Error: (11/13/2016 08:46:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2016 08:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10326892

Error: (11/13/2016 08:46:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10326892


System errors:
=============
Error: (11/13/2016 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:11:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:10:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:10:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:10:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/13/2016 07:10:47 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


CodeIntegrity:
===================================
  Date: 2014-01-04 07:02:52.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-04 07:02:52.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 19%
Total physical RAM: 4043.86 MB
Available physical RAM: 3248.96 MB
Total Virtual: 8085.93 MB
Available Virtual: 7389.62 MB

==================== Drives ================================

Drive c: (TI106238W0C) (Fixed) (Total:452.02 GB) (Free:7.72 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 375C34F0)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.3 GB) - (Type=17)

==================== End of Addition.txt ============================



#8 TheJoker


Posted 14 November 2016 - 08:04 PM

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-06] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={09DDD402-1B13-456B-B676-48992E49D06C}&mid=fde33345580047d182d5d16f2a06b44d-2337b176af3137f7f0dbaa17668946dc2600574b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 06:20:55&v=4.1.0.411&pid=wtu&sg=&sap=hp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> DefaultScope {FF768E86-06D2-4E2D-8CA0-35EF6BCB6109} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS472
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={09DDD402-1B13-456B-B676-48992E49D06C}&mid=fde33345580047d182d5d16f2a06b44d-2337b176af3137f7f0dbaa17668946dc2600574b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-11 06:20:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll => No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.5.160\AVG Web TuneUp.dll [2016-09-27] (AVG)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-13]
S2 vToolbarUpdater40.3.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.5\ToolbarUpdater.exe [1349704 2016-09-27] (AVG Secure Search)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-06] ()
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-11-12 23:38 - 2016-07-08 10:03 - 00000000 ____D C:\ProgramData\Avg
2016-11-12 23:38 - 2012-03-04 08:54 - 00000000 ____D C:\Program Files (x86)\AVG
Task: {05664C18-4DF0-49E3-ABDF-900C6B04028E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
FirewallRules: [{BF3568AF-39B5-4BFE-A2BE-D48E8C9B4CA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E8F0E641-9B8D-4FDF-B284-2E792EDA2301}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{29607504-F8FC-45F3-BB5D-B00388ED819D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{EAB81ADD-FFA5-4DB7-80BA-3DB7FC0103C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{29D5175F-B78C-4C0F-8C6F-CAFC2646D347}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A60423B9-82C5-4CAA-A6C6-D0656B8D7E45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{425E65FA-E8F2-4D4F-8AD4-067B246CE777}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4D072BB9-1F8B-4A82-9BDD-A49E18308521}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5D7E2F8B-441D-4D53-A37C-F65C26360AFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D5F83DE0-8852-4CD8-AF26-CE3589EB648B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

For the following, if you are still unable to work in normal mode, save the following files to CD/DVD and transfer them to the Desktop of the system you are working on. You can use a flash drive but that is less secure, please see:

USB/Flash Drive Safety

 

 

Download the following tool and save it to your Desktop:
http://files-downloa...AVG_Remover.exe
Double-click AVG_Remover.exe to run the program.
Accept the license agreement and then choose AVG Antivirus and AVG Web TuneUp and remove them.
Close the program when finished.

 

 

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right click on the icon and choose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it.
  • If you are using Windows Vista or Windows 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

 

Please post the logs from FRST (Fixlog.txt), AdwCleaner and Junkware Removal Tool, and let me know how the system is running.

Do you still have a problem working in normal mode and have to use Safe Mode?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 JoeFixes


Posted 15 November 2016 - 12:27 PM

Hi Joker,

 

Thank you again for your help.  Lots of things to clean up here.  Below are the logs you requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Brian (15-11-2016 10:48:09) Run:1
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian &  (Available Profiles: Brian)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-06] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://mysearch.avg.com/?cid={09DDD402-1B13-456B-B676-48992E49D06C}&mid=fde33345580047d182d5d16f2a06b44d-2337b176af3137f7f0dbaa17668946dc2600574b&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 06:20:55&v=4.1.0.411&pid=wtu&sg=&sap=hp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> DefaultScope {FF768E86-06D2-4E2D-8CA0-35EF6BCB6109} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS472
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={09DDD402-1B13-456B-B676-48992E49D06C}&mid=fde33345580047d182d5d16f2a06b44d-2337b176af3137f7f0dbaa17668946dc2600574b&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-11 06:20:55&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-152007853-4061909777-1835481588-1001 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll => No File
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.5.160\AVG Web TuneUp.dll [2016-09-27] (AVG)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.5\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-13]
S2 vToolbarUpdater40.3.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.5\ToolbarUpdater.exe [1349704 2016-09-27] (AVG Secure Search)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-06] ()
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [X]
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-11-12 23:38 - 2016-07-08 10:03 - 00000000 ____D C:\ProgramData\Avg
2016-11-12 23:38 - 2012-03-04 08:54 - 00000000 ____D C:\Program Files (x86)\AVG
Task: {05664C18-4DF0-49E3-ABDF-900C6B04028E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
FirewallRules: [{BF3568AF-39B5-4BFE-A2BE-D48E8C9B4CA9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E8F0E641-9B8D-4FDF-B284-2E792EDA2301}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{29607504-F8FC-45F3-BB5D-B00388ED819D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{EAB81ADD-FFA5-4DB7-80BA-3DB7FC0103C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{29D5175F-B78C-4C0F-8C6F-CAFC2646D347}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A60423B9-82C5-4CAA-A6C6-D0656B8D7E45}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{425E65FA-E8F2-4D4F-8AD4-067B246CE777}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4D072BB9-1F8B-4A82-9BDD-A49E18308521}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5D7E2F8B-441D-4D53-A37C-F65C26360AFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D5F83DE0-8852-4CD8-AF26-CE3589EB648B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\AVG
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)

end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKU\S-1-5-21-152007853-4061909777-1835481588-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}" => key removed successfully
HKCR\CLSID\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => key removed successfully
"HKCR\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
vToolbarUpdater40.3.5 => service removed successfully
WtuSystemSupport => service removed successfully
vToolbarUpdater17.2.0 => service removed successfully
LMIRfsClientNP => service removed successfully
catchme => service removed successfully
C:\ProgramData\Avg => moved successfully
C:\Program Files (x86)\AVG => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05664C18-4DF0-49E3-ABDF-900C6B04028E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05664C18-4DF0-49E3-ABDF-900C6B04028E}" => key removed successfully
C:\windows\System32\Tasks\Remediation\AntimalwareMigrationTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF3568AF-39B5-4BFE-A2BE-D48E8C9B4CA9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E8F0E641-9B8D-4FDF-B284-2E792EDA2301} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29607504-F8FC-45F3-BB5D-B00388ED819D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAB81ADD-FFA5-4DB7-80BA-3DB7FC0103C6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29D5175F-B78C-4C0F-8C6F-CAFC2646D347} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A60423B9-82C5-4CAA-A6C6-D0656B8D7E45} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{425E65FA-E8F2-4D4F-8AD4-067B246CE777} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D072BB9-1F8B-4A82-9BDD-A49E18308521} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D7E2F8B-441D-4D53-A37C-F65C26360AFA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5F83DE0-8852-4CD8-AF26-CE3589EB648B} => value removed successfully
"C:\Program Files (x86)\AVG" => not found.
C:\Program Files (x86)\Common Files\AVG Secure Search => moved successfully
C:\Program Files (x86)\AVG Web TuneUp => moved successfully
"C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13378362 B
Java, Flash, Steam htmlcache => 146889 B
Windows/system/drivers => 1466843312 B
Edge => 0 B
Chrome => 331475472 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42380848 B
systemprofile32 => 4594191 B
LocalService => 16384 B
NetworkService => 12372 B
Brian => 3321704334 B
TEMP => 33125 B

RecycleBin => 25138250437 B
EmptyTemp: => 28.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:59:37 ====

# AdwCleaner v6.030 - Logfile created 15/11/2016 at 12:07:23
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-15.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Brian - BRIAN-PC
# Running from : C:\Users\Brian\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0215tb
[-] Folder deleted: C:\Users\Brian\AppData\Local\avg web tuneup
[#] Folder deleted on reboot: C:\Users\Brian\AppData\LocalLow\avg web tuneup
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Secure Search
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\ProgramData\avg web tuneup
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Secure Search
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\avg web tuneup
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key deleted: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-152007853-4061909777-1835481588-1001\Software\AVG Tuneup
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKCU\Software\AVG Tuneup
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[#] Key deleted on reboot: [x64] HKCU\Software\AVG Tuneup
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.izito.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh


***** [ Web browsers ] *****

[-] [C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: isearch.avg.com
[-] [C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7783 Bytes] - [15/11/2016 12:07:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [7406 Bytes] - [15/11/2016 12:03:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7929 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Brian (Administrator) on Tue 11/15/2016 at 12:22:53.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Failed to delete: C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4XLZW20 (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files (x86)\GUT1DCD.tmp (File)
Successfully deleted: C:\Program Files (x86)\GUT7E17.tmp (File)
Successfully deleted: C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HWLRGZX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ODF1SX4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRPXHID8 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-3DFE7DE9.pf (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARMANAGER_A6282D74-E499780F.pf (File)
Successfully deleted: C:\windows\prefetch\TOOLBARUPDATER.EXE-E168B0D2.pf (File)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HWLRGZX (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ODF1SX4 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4XLZW20 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRPXHID8 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\SysWOW64\sho12C5.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho169B.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho6567.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho6624.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho77FF.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoC486.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoDEF4.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoF8D4.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/15/2016 at 12:27:01.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

So by the way I had to download Mozilla because I was not able to paste into IE.  There is still quite some lag to the PC.  When I type it takes several long seconds before anything receives.  Please see if the logs tell you anything and I will wait to hear back from you.

 

Thank you

 

JoeFixes


JoeFixes
(But only if its Broke)

#10 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,477 posts

Posted 15 November 2016 - 09:24 PM

When you say you still have "some lag", is this while booting into Normal mode?

You say you downloaded Mozilla, what mode was the computer booted into? Normal, or Safe Mode with Networking (which is not safe, particularly for a compromised system, as it bypasses security software)?

 

Before proceeding further I need to know if even with the lag, can you now boot to and run programs in Normal mode?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#11 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 16 November 2016 - 07:59 AM

Joker,

 

Yes.  Sorry for the confusion.  I am running in normal mode and have been even during the cleaning process.  This morning when I turn the computer on it seems to be behaving much better.  The lag I mention is not during booting...in fact the boot time is quite impressive.  I am referring to the response when you make a keystroke.  Although as I mentioned, it seems far better this morning.  As I type this reply, there is no lag.  I will continue to use the computer and see how it responds throughout the day.  But to answer your question, I am in normal mode and have been for a little bit.

 

Thank you

 

 

Joe LoPresti



#12 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,477 posts

Posted 17 November 2016 - 12:48 AM

Please read https://blogs.micros...ndows-defender/

 

If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware, but to protect yourself from viruses, you’ll need to download antivirus software. You can purchase it from a third party, or you can download Microsoft Security Essentials for free.

 

You need to have an antivirus program installed. Two recommendations other than Microsoft Security Essentials would be either Avast or Avira.

Once you install an antivirus, please perform a full system scan and quarantine anything found.

 

You can optionally uninstall Kaspersky Security Scan. It's not an antivirus program, but rather a vulnerabilities scanner and will not protect your system from viruses.

 

You can also optionally uninstall McAfee Security Scan Plus if it was not intentionally installed. It may have been bundled with other software that was installed and not intended to have been installed.

 

Once you have done that, let's try ESET Online Scanner again.

 

Please scan your system with ESET Online Scanner

Ensure that you have the flash drive plugged in when you run the scan.

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • Note: if nothing is detected, ESET Online Scan will not create a log.

 

The installed version of Flash for Firefox is outdated and vulnerable. Please uninstall:
Adobe Flash Player 23 NPAPI

 

You can download and install the latest version here:

 

Please post the log from ESET Online Scanner, note any errors, and let me know how the system is running.




#13 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 20 November 2016 - 02:22 PM

Hi Joker,

 

Okay..it has been a few days now.  I was running the ESET online scanner.  It was going for over 50 hours and then the computer restarted for some reason and left no trace of the scan.  Very frustrating.  I did install AVAST and ran a full system scan which took a little over 5 hours.  It did not find any viruses but it did produce a report with a bunch of files that said ERROR: DATA ERROR (CYCLIC REDUNDANCE CHECK) (23).  I cannot figure out how to export the report to a text file but I can take a picture of the screen and post it if you think it will help.  The computer is far better than it was (I am using it to post this reply) but it is still laborious at best.  I am considering re-installing the operating system. 

 

Any additional thoughts you may have are greatly appreciated.

 

JoeFixes



#14 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,477 posts

Posted 20 November 2016 - 09:48 PM

The computer is far better than it was (I am using it to post this reply) but it is still laborious at best.  I am considering re-installing the operating system.

 

That's always an option. If you decide to do that, please let me know. Remember that would involve installing lots of updates, locating and installing the correct drivers from the manufacturer if Windows didn't install all of them, and reinstalling all the applications (some might require knowing what the original serial number was if there were additional previously purchased programs to reinstall).

 

There are apparently some disk errors.

 

Go to Start > All Programs > Accessories > right-click on Command Prompt and select "Run as administrator", select Yes to the User Account Control prompt.
In the Command Prompt window that opens, type the below line and then press Enter:
chkdsk c: /r /x
It may take some time to check the disk for errors and correct them.

Please reboot when finished.

 

Please go to Start -> Run -> cmd and press Enter.  At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter.  This will run the System File Checker.  Follow the prompts, and insert your Windows installation CD if requested.  Then please restart your computer.

 

How did that go, did you encounter any errors?




#15 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 21 November 2016 - 07:59 PM

Hi Joker,

 

This is so frustrating because I was trying to back up all of the files on this PC.  Pictures, Music, Videos and Docs...but the library is over 300GB and I just don't have enough space on any external or network storage to back it all up!  So I canceled that operation and did the CHKDSK which it said it couldn't do it at the time but would run at the next restart.  So I restarted and it came up pretty quickly and said the file is clean.  So I booted into normal mode, which overall isn't that bad...UNTIL you click the right mouse button.  For some reason right-clicking stumps this PC and it just stalls.  Nothing else is running, but that right-click causes an immediate slow-down.  But I am patient and I waited.  Probably 5-7 minutes before the right-click menu appeared.  Of course I needed the right-click menu so I could run the CMD prompt as Administrator.  I am running the SFC scan now and will report my findings.

 

I've researched this particular laptop and restoring to out-of-the-box condition is possible.  There is a partition on the HDD with the operating system.  You are right about the updates though.  Still it may not be a bad option if I could only back up the library files.

 

I will be back.

 

JoeFixes



#16 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 21 November 2016 - 09:43 PM

Hi Joker,

 

Below is the log from the SFC scan. In the meantime I will run disk defrag...can't hurt...right?  In the meantime, I will put any plans for restoring on hold as it makes no sense to restore onto a drive with bad sectors.



#17 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 21 November 2016 - 10:08 PM

That file was too big to paste.  And I cannot attach it.  If you think you need to see it, please let me know so we can figure a way to post/paste it.

 

 

JoeFixes

 

 



#18 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,477 posts

Posted 22 November 2016 - 08:41 PM

Go to Start > All Programs > Accessories, right-click on Command Prompt and select Run as administrator

  • When command prompt opens, copy and paste the following command into it, press enter.

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > %userprofile%\Desktop\cbs.txt

 
Attach   %userprofile%\Desktop\cbs.txt  to your next reply (it will be on your Desktop).

 

 

For the mouse problem, your version of Microsoft Mouse and Keyboard Center appears to be outdated.

Go to Control Panel, and uninstall the following item:

Microsoft Mouse and Keyboard Center

 

Then download the current 64-bit version from here:

https://www.microsof...keyboard-center

Save the file to the Desktop, then double-click the file to run the installer and follow the prompts.

Restart the system.

 

Did that improve the mouse lag?

Did you have any error running the script to create cbs.txt?


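An added example, not part of the original thread: the cbs.txt produced by the findstr command above is mostly routine "Verifying" lines, so this Python sketch condenses it to the files SFC repaired or could not repair, which is the part a helper needs and is small enough to paste. The sample lines are constructed, and the message shapes matched by the regular expressions are an assumption based on the usual Windows 7 SFC log wording.

```python
import re

# Constructed sample of cbs.txt content (not from the thread). The message
# shapes are an assumption of this example, not output posted on the page.
SAMPLE = r'''2016-11-21 21:02:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-11-21 21:02:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-11-21 21:05:31, Info                  CSI    000001b2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2016-11-21 21:07:45, Info                  CSI    000002e0 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component, Version = 6.1.7600.16385, Culture neutral, PublicKey neutral in the store, hash mismatch
2016-11-21 21:07:46, Info                  CSI    000002e2 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component, Version = 6.1.7600.16385, Culture neutral, PublicKey neutral in the store, hash mismatch
2016-11-21 21:07:46, Info                  CSI    000002e3 [SR] This component was referenced by [l:50{25}]"Constructed-Package-Name"
2016-11-21 21:07:50, Info                  CSI    000002e5 [SR] Verify complete
'''

# "timestamp, level  CSI  sequence [SR] message"
SR_LINE = re.compile(r'^\S+ \S+, \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$')
UNREPAIRED = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),(.*)$')
REPAIRED = re.compile(r'^Repairing corrupted file \[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)" from store')

def summarize(text):
    """Collapse [SR] lines into unique repaired / unrepaired files."""
    unrepaired, repaired, routine = {}, [], 0
    for line in text.splitlines():
        m = SR_LINE.match(line.rstrip())
        if not m:
            continue                      # not an [SR] entry
        msg = m.group(1)
        u, r = UNREPAIRED.match(msg), REPAIRED.match(msg)
        if u:
            name, component, rest = u.groups()
            # SFC appends the reason after "in the store," when it gives one.
            reason = rest.rsplit("in the store,", 1)[-1].strip() if "in the store," in rest else "unknown"
            unrepaired.setdefault((component.strip(), name), reason)  # entries repeat; keep one
        elif r:
            path = r.group(1).replace("\\??\\", "") + "\\" + r.group(2)
            if path not in repaired:
                repaired.append(path)
        else:
            routine += 1                  # Verifying / Verify complete / references
    return {"unrepaired": unrepaired, "repaired": repaired, "routine": routine}

def render(s):
    """Short text report suitable for pasting into a reply."""
    out = ["SFC summary: %d unrepaired, %d repaired, %d routine lines omitted"
           % (len(s["unrepaired"]), len(s["repaired"]), s["routine"])]
    for (component, name), reason in sorted(s["unrepaired"].items()):
        out.append("UNREPAIRED %s (%s): %s" % (name, component, reason))
    out.extend("REPAIRED   %s" % p for p in s["repaired"])
    return "\n".join(out)

if __name__ == "__main__":
    print(render(summarize(SAMPLE)))
```

Files that stay unrepaired with a hash mismatch after a malware cleanup are the entries worth checking against known-good copies before trusting the system again.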


#19 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 23 November 2016 - 09:05 AM

Hi Joker,

 

I am not able to upload any files.  I have had this problem for a while.  When I try to attach the file, it says it is too large.  The txt file is only 54 KB but the website says I can only upload 9kb.  Should I try to paste it?

 

Thank you

 

JoeFixes

 

 



#20 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,477 posts

Posted 24 November 2016 - 09:17 PM

Yes, please copy and paste the file into your next reply. If the file is cut off from being too large, check to see where it cut off and post the remainder in another reply.

 

Has updating the Microsoft Mouse and Keyboard Center helped with the mouse?




#21 JoeFixes

JoeFixes

    Forum Deity

  • Full Member
  • PipPipPipPipPip
  • 589 posts

Posted 28 November 2016 - 10:57 AM

Hi Joker,

 

Yes...the keyboard and mouse update did seem to help.  I cannot attach any file though.  I remember this being a problem on a previous situation also.

 

Meanwhile, I removed the hard drive and gave it to my friend so he could remove the photos, music and documents from it.  I think the bad sectors are what is causing the real problem.  When it works....it works fine, but as you continue to work on the laptop it all too often freezes up.

 

I am probably going to buy a new HDD and install windows on it.  I thank you for your help, at this point we can probably close out this topic.

 

JoeFixes



#22 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,477 posts

Posted 28 November 2016 - 09:04 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





