Wife's Computer is very slow...multiple threats detected.

[chrisfine01]

Hello...I'm looking for some help.  My wifre's computer is super slow.  I've scanned for viruses with Avast and found nothing.  I ran PC optimization with Avast but that did not help.  I ran Mbam and it found several threats.  I cleaned all of those and rebooted.  Laptop is still really slow....like 20-30 second lag with most mouse clicks.  Very frustrating.  I'm afraid there is something there that we have not been able to detect.

 

Can anyone help me?  I have attached my mbam log to this post.

 

Thank you,

 

Chris

mbam-log-2015-09-30 (11-46-03).xml

[TwinHeadedEagle]

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
• Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

---

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[chrisfine01]

Thank you for the quick reply

 

Here are the logs from Fubar

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Monica (administrator) on FINEMOMMIE (30-09-2015 13:53:19)
Running from C:\Users\Monica\Desktop\removal
Loaded Profiles: Monica (Available Profiles: Monica & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_185_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-30] (AVAST Software)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3465888097-3273778192-115117043-1001\...\Run: [LaunchList] => C:\Program Files (x86)\Pinnacle\Studio 11\LaunchList2.exe
HKU\S-1-5-21-3465888097-3273778192-115117043-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3465888097-3273778192-115117043-1001\...\Run: [Dropbox Update] => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3465888097-3273778192-115117043-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-30] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51197;https=127.0.0.1:51197
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8073B2E1-F96E-404B-80A0-7C00AE68375E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E4AB4E9D-5359-4DF9-8189-DAA56F22E4A5}: [DhcpNameServer] 10.99.20.48 10.99.20.49

Internet Explorer:
==================
HKU\S-1-5-21-3465888097-3273778192-115117043-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {D2B53387-C18D-480F-BB7D-7E219355F685} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D2B53387-C18D-480F-BB7D-7E219355F685} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {887BB36E-DA65-4E15-B46E-7667A2FB74AC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {887BB36E-DA65-4E15-B46E-7667A2FB74AC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3465888097-3273778192-115117043-1001 -> DefaultScope {494CE8CB-3DB1-481E-8A0E-827C628A84A7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-3465888097-3273778192-115117043-1001 -> {494CE8CB-3DB1-481E-8A0E-827C628A84A7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-3465888097-3273778192-115117043-1001 -> {887BB36E-DA65-4E15-B46E-7667A2FB74AC} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3465888097-3273778192-115117043-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={796DBA00-0B39-4B11-966E-088E21C6B70D}&mid=fd1b73eb160747d3a75dd16f2a2acd9f-170c73a909530f0216cff089254e903e2910362e〈=en&ds=co012&coid=avgtbdisco&cmpid=&pr=sa&d=2013-09-17 20:53:39&v=18.1.0.443&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3465888097-3273778192-115117043-1001 -> {D2B53387-C18D-480F-BB7D-7E219355F685} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-30] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-30] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-30] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-30] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-30] (Microsoft Corporation)
BHO-x32: No Name -> {651CA263-4157-4AC5-B7C2-03A7C1C00457} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-30] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-30] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-30] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3465888097-3273778192-115117043-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll [2014-08-12] (AVG Secure Search)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-31]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-30]
CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndkhncnongaclekkbelchmeafffimifj] - C:\Users\Monica\AppData\Local\Giant Savings\Chrome\Giant Savings.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-30] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-09-05] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 PCLEPCI; C:\windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-30] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-30] (AVAST Software)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-30] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 13:52 - 2015-09-30 13:53 - 00000000 ____D C:\FRST
2015-09-30 13:51 - 2015-09-30 13:53 - 00000000 ____D C:\Users\Monica\Desktop\removal
2015-09-30 13:50 - 2015-09-30 13:50 - 02192384 _____ (Farbar) C:\Users\Monica\Downloads\FRST64.exe
2015-09-30 12:38 - 2015-09-30 12:38 - 00000056 _____ C:\windows\setupact.log
2015-09-30 12:38 - 2015-09-30 12:38 - 00000000 _____ C:\windows\setuperr.log
2015-09-30 12:37 - 2015-09-30 12:37 - 00006356 _____ C:\windows\PFRO.log
2015-09-30 12:03 - 2015-09-30 12:03 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-09-30 12:03 - 2015-09-30 12:03 - 00000000 ____D C:\windows\system32\vbox
2015-09-30 11:37 - 2015-09-30 11:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Sun
2015-09-30 11:37 - 2015-09-30 11:37 - 00000000 ____D C:\Users\Guest\.oracle_jre_usage
2015-09-30 10:31 - 2015-09-30 12:33 - 00001931 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-30 10:31 - 2015-09-30 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-30 10:30 - 2015-09-30 10:27 - 00132656 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
2015-09-30 10:29 - 2015-09-30 10:29 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-09-30 10:28 - 2015-09-30 10:28 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-09-30 10:23 - 2015-09-30 10:24 - 05693008 _____ (AVAST Software) C:\Users\Monica\Downloads\avast_free_antivirus_setup_online.exe
2015-09-30 10:16 - 2015-09-30 10:16 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Sun
2015-09-30 10:16 - 2015-09-30 10:16 - 00000000 ____D C:\Users\Monica\.oracle_jre_usage
2015-09-30 10:16 - 2015-09-30 10:14 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-30 10:04 - 2015-09-30 10:04 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-09-20 18:49 - 2015-09-20 18:49 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-10 16:30 - 2015-09-10 16:30 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-03 16:19 - 2015-09-30 12:40 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 07:35 - 2015-09-03 07:35 - 06420480 _____ C:\Program Files (x86)\GUT5C91.tmp
2015-09-03 07:35 - 2015-09-03 07:35 - 00000000 ____D C:\Program Files (x86)\GUM5C33.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-30 13:54 - 2011-07-21 15:16 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-30 13:40 - 2011-07-21 14:45 - 01347339 _____ C:\windows\WindowsUpdate.log
2015-09-30 13:28 - 2011-08-31 22:52 - 00000000 ____D C:\Users\Monica\AppData\Local\Google
2015-09-30 13:27 - 2015-06-22 09:47 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3465888097-3273778192-115117043-1001UA.job
2015-09-30 13:25 - 2014-08-24 21:18 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-30 13:24 - 2011-09-01 06:39 - 00000000 ___RD C:\Users\Monica\Dropbox
2015-09-30 13:17 - 2014-08-25 07:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-30 12:48 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-30 12:48 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-30 12:41 - 2011-09-01 06:35 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Dropbox
2015-09-30 12:40 - 2014-02-09 17:08 - 00000374 _____ C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2015-09-30 12:40 - 2014-02-09 17:08 - 00000372 _____ C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2015-09-30 12:38 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-30 12:37 - 2010-11-21 03:16 - 00000000 ____D C:\windows\ShellNew
2015-09-30 12:33 - 2014-08-24 21:16 - 00001107 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-30 12:33 - 2014-06-19 17:58 - 00002403 _____ C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2015-09-30 12:33 - 2014-04-09 09:55 - 00001788 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-30 12:33 - 2014-04-09 09:38 - 00001850 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-30 12:33 - 2013-12-11 00:02 - 00002024 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-30 12:33 - 2011-09-01 06:49 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-30 12:33 - 2011-07-21 15:11 - 00001726 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
2015-09-30 12:33 - 2011-04-11 02:22 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-09-30 12:33 - 2011-04-11 02:21 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-09-30 12:33 - 2011-04-11 02:21 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-09-30 12:33 - 2011-04-11 02:21 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-09-30 12:33 - 2011-04-11 02:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-09-30 12:33 - 2011-04-11 02:05 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-30 12:33 - 2011-04-11 02:05 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-09-30 12:33 - 2009-07-14 00:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-30 12:33 - 2009-07-14 00:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-09-30 12:33 - 2009-07-14 00:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-09-30 12:33 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-09-30 12:33 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-09-30 12:32 - 2015-01-30 23:50 - 00000885 _____ C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2015-09-30 12:32 - 2015-01-30 23:50 - 00000855 _____ C:\Users\Monica\Desktop\Temp File Cleaner.lnk
2015-09-30 12:32 - 2014-10-19 17:49 - 00000916 _____ C:\Users\Monica\Desktop\Atlas GIS.lnk
2015-09-30 12:32 - 2014-01-26 12:52 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-09-30 12:32 - 2011-08-31 22:47 - 00001424 _____ C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-30 12:32 - 2011-04-11 02:18 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2015-09-30 12:32 - 2009-07-14 01:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-09-30 12:32 - 2009-07-14 00:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-09-30 12:26 - 2015-06-22 09:47 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3465888097-3273778192-115117043-1001Core.job
2015-09-30 11:41 - 2014-08-24 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-30 11:41 - 2014-08-24 21:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-30 11:38 - 2011-08-31 22:45 - 00000000 ____D C:\Users\Monica
2015-09-30 11:37 - 2012-05-13 21:21 - 00000000 ____D C:\Users\Guest
2015-09-30 11:26 - 2014-07-02 13:38 - 00000460 _____ C:\windows\Tasks\ArcadeYum.job
2015-09-30 11:19 - 2014-04-20 15:14 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-09-30 10:29 - 2014-04-20 15:20 - 00153744 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-09-30 10:29 - 2014-04-20 15:20 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-09-30 10:29 - 2014-04-20 15:14 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-09-30 10:29 - 2014-04-20 15:14 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-09-30 10:29 - 2014-04-20 15:14 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-09-30 10:29 - 2011-08-31 23:44 - 00448968 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-09-30 10:29 - 2011-08-31 23:44 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-09-30 10:28 - 2011-08-31 23:44 - 01049880 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-09-30 10:20 - 2013-12-04 21:12 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2015-09-30 10:17 - 2013-12-10 23:34 - 00000000 ____D C:\ProgramData\Oracle
2015-09-30 10:17 - 2011-04-11 02:12 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-30 10:16 - 2014-08-24 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-30 10:14 - 2014-08-24 21:04 - 00274016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-09-30 09:52 - 2013-06-12 21:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 22:42 - 2014-08-25 07:08 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 22:41 - 2014-08-25 07:08 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 22:41 - 2014-08-25 07:08 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-22 22:36 - 2009-07-14 01:13 - 00783464 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-20 18:49 - 2011-07-21 15:16 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-10 17:19 - 2009-07-14 01:32 - 00000000 ____D C:\windows\system32\FxsTmp

==================== Files in the root of some directories =======

2015-09-03 07:35 - 2015-09-03 07:35 - 6420480 _____ () C:\Program Files (x86)\GUT5C91.tmp
2012-01-26 10:17 - 2012-08-18 11:26 - 0004096 ____H () C:\Users\Monica\AppData\Local\keyfile3.drm
2014-03-21 17:51 - 2014-03-21 17:51 - 0000086 _____ () C:\ProgramData\dlebscan.log
2012-07-18 15:04 - 2012-07-18 17:19 - 0000024 _____ () C:\ProgramData\__FileUploader.log

Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdn3xdr.dll
C:\Users\Monica\AppData\Local\Temp\jre-8u60-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-12 09:48

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Monica (2015-09-30 13:54:57)
Running from C:\Users\Monica\Desktop\removal
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-01 02:45:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3465888097-3273778192-115117043-500 - Administrator - Disabled)
Guest (S-1-5-21-3465888097-3273778192-115117043-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3465888097-3273778192-115117043-1002 - Limited - Enabled)
Monica (S-1-5-21-3465888097-3273778192-115117043-1001 - Administrator - Enabled) => C:\Users\Monica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-3465888097-3273778192-115117043-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.3.0 - Addpcs, LLC)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.11.14 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3465888097-3273778192-115117043-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Monica\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-09-2015 13:16:11 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04256C5D-D9BB-4265-85FA-C01A931D70C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {0748D227-7FC2-4F6F-8CD1-D36F8531186F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {126313B6-A43E-4838-BB23-3076DF947A2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {1E736973-7A58-4C2F-A313-C5E8BF288585} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-09-05] (Symantec Corporation)
Task: {21EF6067-F0C6-4EDD-A0E4-FDFBF8F70DB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {5981B4CD-8D04-442A-9478-372AA720D5B9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3465888097-3273778192-115117043-1001Core => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {666F3229-5A47-43E6-BD7A-7F7A1B971F77} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {68F5A706-A450-4758-9B4B-10D262EBAC28} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3465888097-3273778192-115117043-1001UA => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {97FDA885-3A71-44A9-AECA-2CE3A28A0F2D} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {9810AF6B-35A7-420E-89BF-6D81B11020E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {9BC99ED9-315E-4349-AA88-2711E4BD4BA8} - \BitGuard -> No File <==== ATTENTION
Task: {B117305B-DA96-4C60-9E98-9EA5AE052117} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {CF4F319A-91F2-47F6-8D86-7657443F5285} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {DBC8E2B2-4712-490B-B23C-5A4AA3F0B69D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E878D0BC-C376-457A-9ED2-43AD91DF7950} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-30] (AVAST Software)
Task: {ED3E9BC4-1DCD-46C7-9364-EB47922EA05C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {F244A631-F557-4831-BB64-48EB8E5B9D79} - System32\Tasks\ArcadeYum => C:\Users\Monica\AppData\Local\ArcadeYum\ArcadeYumVersionControl.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ArcadeYum.job => C:\Users\Monica\AppData\Local\ArcadeYum\ArcadeYumVersionControl.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3465888097-3273778192-115117043-1001Core.job => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3465888097-3273778192-115117043-1001UA.job => C:\Users\Monica\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-15 21:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-12 15:26 - 2014-08-12 15:26 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2015-09-30 09:39 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-08 18:42 - 2010-12-08 18:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-09-30 10:28 - 2015-09-30 10:28 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-30 10:28 - 2015-09-30 10:28 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-30 06:59 - 2015-09-30 06:59 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15093000\algo.dll
2015-09-30 12:39 - 2015-09-30 12:39 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15093001\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-12 15:26 - 2014-08-12 15:26 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-09-30 10:29 - 2015-09-30 10:29 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3465888097-3273778192-115117043-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{76FD7710-A70F-498E-A202-C10712C62C18}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CD0EF3BE-86F3-4452-BCA5-0AC2147D8808}] => (Allow) LPort=2869
FirewallRules: [{6D1C6BE3-E8BF-460F-92A0-A06E488A8223}] => (Allow) LPort=1900
FirewallRules: [{479945B7-9FFC-4A7B-9F3F-A06488AD70A1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E5FCA8BD-6544-434B-9D29-A271568852C8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AA8AB8E1-781A-4A9C-A09E-3BC58A7F7A5A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C1EEC85-3464-4A9D-BEE6-4CEA1B2C6EE1}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E3D11099-0527-4BC7-B636-E05D7CBE52C3}] => (Allow) C:\Users\Monica\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A36ACB37-9699-4085-922C-F23D8A346E64}C:\users\monica\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\monica\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{013E0480-27E8-4539-85A2-54876F0E28C4}C:\users\monica\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\monica\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{82B21CE6-74B1-477A-9BFC-3990FBC407D4}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{884CEDCB-6706-4CF9-B6B8-BBB0E65E5896}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{775621CD-B8BA-4138-91BC-16CDB6408E89}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6E00EEA-0467-4856-BF4F-5810874EC729}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0FCD885F-E84E-4153-A0AB-1A9CEF6EA9B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64E4BE35-0015-4266-BC6D-C791C53D7974}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{C5595876-F769-434A-B1AC-E460BE500E61}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{582BB6EE-B9EB-48A4-AFE8-364EA955D3C0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{05EB5769-8E7A-44E6-BDB9-B6C4A18A37BE}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\RM.exe
FirewallRules: [{250DF50A-A3F2-43F6-8269-D618C9B037F0}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\RM.exe
FirewallRules: [{10A70765-0950-49DF-8891-23C605B96F65}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\Studio.exe
FirewallRules: [{2DCEE96F-E0F8-4338-9FCC-0C328C6B907E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\Studio.exe
FirewallRules: [{1C777960-69C1-49F1-9301-9FD2D7305334}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\PMSRegisterFile.exe
FirewallRules: [{ADE04DD3-0773-4DDB-ABD0-D6350D94FCAA}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\PMSRegisterFile.exe
FirewallRules: [{1819BC97-132A-4DD2-A1B4-A036486B198B}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\umi.exe
FirewallRules: [{54BE0909-BDAB-4825-B2DA-80EEE281D58F}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 11\programs\umi.exe
FirewallRules: [TCP Query User{C2BBB0E6-7467-40C5-9329-A2765C657938}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{DB97D13C-1301-40CF-AD3F-85666F560F43}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{08938AEC-BA54-4B5F-9019-03EA4F681D3D}C:\program files (x86)\pinnacle\studio 11\programs\studio.exe] => (Allow) C:\program files (x86)\pinnacle\studio 11\programs\studio.exe
FirewallRules: [uDP Query User{D8B24480-5D60-4B5D-8292-F521F9EE1B46}C:\program files (x86)\pinnacle\studio 11\programs\studio.exe] => (Allow) C:\program files (x86)\pinnacle\studio 11\programs\studio.exe
FirewallRules: [{E5D1DBA8-380E-48DD-88BA-06A1324817B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{76B54F4B-E13D-4211-B78E-D5CEDB4CB2E1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5B40CBE1-91BD-4993-B052-EFB1AC7E3E37}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{7049FAF2-F3B8-4C92-9B2A-E366351A50D6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{9DB20DAF-65AF-4168-82D7-87BC474FBB45}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{E25688CE-A514-4195-B76B-45BA63F29534}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{926B57C1-FA35-404B-BF62-2F5FD4148381}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D64A2D6B-60EE-4584-9ABF-052C1A52D155}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4FF1C0CE-CCD4-4F09-9F9D-F638D49DEB86}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9EDA6DD8-3749-4758-AADC-1F33AFA714A0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5F564D21-A9FD-4310-BF53-6B27BEBA138E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2015 12:40:51 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (09/30/2015 12:40:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (09/30/2015 12:39:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 11:19:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 10:40:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/30/2015 10:38:55 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (09/30/2015 10:38:24 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (09/30/2015 10:36:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/30/2015 10:03:03 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/30/2015 10:02:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

System errors:
=============
Error: (09/30/2015 12:38:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/30/2015 11:32:44 AM) (Source: DCOM) (EventID: 10016) (User: FineMommie)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FineMommieGuestS-1-5-21-3465888097-3273778192-115117043-501LocalHost (Using LRPC)

Error: (09/30/2015 11:32:44 AM) (Source: DCOM) (EventID: 10016) (User: FineMommie)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FineMommieGuestS-1-5-21-3465888097-3273778192-115117043-501LocalHost (Using LRPC)

Error: (09/30/2015 11:32:38 AM) (Source: DCOM) (EventID: 10016) (User: FineMommie)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FineMommieGuestS-1-5-21-3465888097-3273778192-115117043-501LocalHost (Using LRPC)

Error: (09/30/2015 11:32:34 AM) (Source: DCOM) (EventID: 10016) (User: FineMommie)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FineMommieGuestS-1-5-21-3465888097-3273778192-115117043-501LocalHost (Using LRPC)

Error: (09/30/2015 11:32:25 AM) (Source: DCOM) (EventID: 10016) (User: FineMommie)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}FineMommieGuestS-1-5-21-3465888097-3273778192-115117043-501LocalHost (Using LRPC)

Error: (09/30/2015 11:19:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (09/30/2015 11:19:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (09/30/2015 11:18:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client Virtualization Handler service failed to start due to the following error:
%%1053

Error: (09/30/2015 11:18:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.

==================== Memory info ===========================

Processor: Intel® Core i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 4043.86 MB
Available physical RAM: 2190.65 MB
Total Virtual: 8085.91 MB
Available Virtual: 5969.02 MB

==================== Drives ================================

Drive c: (TI106136W0E) (Fixed) (Total:452.82 GB) (Free:355.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 95469684)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=17)

==================== End of Addition.txt ============================

[TwinHeadedEagle]

• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.

[chrisfine01]

Sorry about that.  Here they are as attachments if it helps.

Addition.txt

FRST.txt

[TwinHeadedEagle]

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Accept the disclaimer and agree if prompted to install Recovery Console.
• Do not take any actions while ComboFix goes through your System - it may cause it to stall!
• This scan may take some time!
• When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

---

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Accept the Terms of use.
• Wait until the database is updated.
• Click Scan.
• When finished, please click Cleaning.
• Your PC should reboot now.
• After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

[chrisfine01]

The contents of the AdwCleaner log is below and that log file is attached along with the combofix log

 

 

# AdwCleaner v5.009 - Logfile created 30/09/2015 at 21:00:13

# Updated 27/09/2015 by Xplode

# Database : 2015-09-30.1 [server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Monica - FINEMOMMIE

# Running from : C:\Users\Monica\Desktop\removal\AdwCleaner.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

[-] Service Deleted : vToolbarUpdater18.1.9

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Program Files (x86)\File Type Helper

[-] Folder Deleted : C:\Program Files (x86)\Spyware Clear

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

[-] Folder Deleted : C:\ProgramData\AVG Secure Search

[-] Folder Deleted : C:\ProgramData\Babylon

[-] Folder Deleted : C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\Fast Free Converter

[-] Folder Deleted : C:\Users\Monica\AppData\Local\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Users\Monica\AppData\LocalLow\AVG SafeGuard toolbar

[-] Folder Deleted : C:\Users\Monica\AppData\LocalLow\Fast Free Converter

[-] Folder Deleted : C:\Users\Monica\AppData\Roaming\Babylon

[-] Folder Deleted : C:\Users\Monica\AppData\Roaming\pccustubinstaller

[-] Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

[-] Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeYum

 

***** [ Files ] *****

 

[-] File Deleted : C:\END

[-] File Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage

[-] File Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_answers.ask.com_0.localstorage

[-] File Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

[-] File Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage

[-] File Deleted : C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

[-] Task Deleted : Adobe Flash Player Updater

 

***** [ Registry ] *****

 

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh

[-] Key Deleted : HKCU\Software\5b08c8fb668ba17

[-] Key Deleted : HKLM\SOFTWARE\5b08c8fb668ba17

[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar

[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

[-] Key Deleted : HKCU\Software\AVG SafeGuard toolbar

[-] Key Deleted : HKCU\Software\BrowseFox

[-] Key Deleted : HKCU\Software\AppDataLow\Software\ArcadeYum

[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

[-] Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update

[!] Key Not Deleted : [x64] HKCU\Software\AVG SafeGuard toolbar

[!] Key Not Deleted : [x64] HKCU\Software\BrowseFox

[!] Key Not Deleted : HKU\S-1-5-21-3465888097-3273778192-115117043-1001\Software\AppDataLow\Software\ArcadeYum

[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

[!] Key Not Deleted : HKU\S-1-5-21-3465888097-3273778192-115117043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : itunes.en.softonic.com

[-] [C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : delta-search.com

[-] [C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

[-] [C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

[-] [C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=06BF00266CCE246C&affID=119557&tsp=4983

[-] [C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmbmildjdmppofnohldicmnkojfhggmb

[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com

[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jmbmildjdmppofnohldicmnkojfhggmb

[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof

 

*************************

 

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10115 bytes] ##########

AdwCleanerC1.txt

ComboFix.txt

[TwinHeadedEagle]

How is her PC behaving now?

[chrisfine01]

Its a little better but still more sluggish than I would expect it to be.  I noticed that when I open chrome, it opens 4 tabs.  One is the toshiba home page which is probably set as the default.  Two of the tabs are AVG Secure Search pages and the 4th is a Delta Search page.  Not sure what that is about?  Maybe the computer is just old and slow, but it still seems unacceptably slow to me.  Any thoughts?  

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

---

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.

  (XP users click run after receipt of Windows Security Warning - Open File).

• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

[chrisfine01]

I got an error message during the Zoek scan.  It said ....."DaS21 has stopped working.  A problem caused the program to stop working correctly.  Windows will close the program and notify you if a solution is available."  I waited about a minute and then clicked Close Program.  The Zoek scan appeared to continue as it should.

 

 

Zoek.exe v5.0.0.1 Updated 30-09-2015

Tool run by Monica on Fri 10/02/2015 at  6:20:12.05.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Monica\Desktop\removal\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

10/2/2015 6:23:59 AM Zoek.exe System Restore Point Created Successfully.

 

==== Empty Folders Check ======================

 

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\OpenSoftwareUpdater deleted successfully

C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

C:\Users\Monica\AppData\Roaming\TP deleted successfully

C:\Users\Guest\AppData\Local\CrashDumps deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3465888097-3273778192-115117043-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{266B6F91-75FB-4B3B-BB06-2FE726CC9C8B} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{651CA263-4157-4AC5-B7C2-03A7C1C00457} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~2\OpenSoftwareUpdater not found

C:\PROGRA~2\GUT5C91.tmp deleted

C:\PROGRA~2\GUM5C33.tmp deleted

C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted

C:\Users\Monica\AppData\Local\avgchrome deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup deleted

C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\Fast Free Converter deleted

C:\windows\serviceprofiles\networkservice\AppData\LocalLow\Fast Free Converter deleted

C:\windows\SysNative\config\systemprofile\Searches deleted

C:\windows\Syswow64\sho15EF.tmp deleted

C:\windows\Syswow64\shoA435.tmp deleted

C:\windows\SysWow64\searchplugins deleted

C:\windows\SysWow64\Extensions deleted

C:\Users\Monica\Documents\Optimizer Pro deleted

"C:\windows\serviceprofiles\Localservice\AppData\LocalLow\Fast Free Converter" deleted

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09/30/2015 10:29 AM]

 

==== Chromium Look ======================

 

Google Chrome Version: 45.0.2454.101

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/30/2015 10:28 AM]

 

Chrome Hotword Shared Module - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Chrome Hotword Shared Module - Monica\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

 

==== Chromium Fix ======================

 

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage-journal deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage-journal deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage-journal deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage deleted successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{494CE8CB-3DB1-481E-8A0E-827C628A84A7}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{494CE8CB-3DB1-481E-8A0E-827C628A84A7} Google  Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en"

{887BB36E-DA65-4E15-B46E-7667A2FB74AC} Google  Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF"

{D2B53387-C18D-480F-BB7D-7E219355F685} Unknown  Url="Not_Found"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3465888097-3273778192-115117043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D2B53387-C18D-480F-BB7D-7E219355F685} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D2B53387-C18D-480F-BB7D-7E219355F685} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Empty IE Cache ======================

 

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Guest\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Monica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Monica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Monica\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Monica\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\Monica\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=135 folders=23 15880233 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Guest\AppData\Local\temp emptied successfully

C:\Users\Monica\AppData\Local\Temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\windows\Temp successfully emptied

C:\Users\Monica\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Fri 10/02/2015 at  6:54:52.04 ======================

 

FRST.txt

Addition.txt

[TwinHeadedEagle]

Good. Any change now?

[chrisfine01]

She says it runs MUCH better.  Thank you for your help.

 

Do you have any recommendations on software to install that may help protect her computer better?

[TwinHeadedEagle]

Yes, I have.

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself

Recommended reading:

MUST READ - security tips:

• Computer Security - a short guide to staying safer online.

• Simple and easy ways to keep your computer safe and secure on the Internet

• How Malware Spreads - How did I get infected

MUST READ - general maintenance:

• What to do if your Computer is running slowly?

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

• How to configure and use Automatic Updates in Windows
• How to update Java
• How to update Adobe Reader

Recommended additional software:

CCleaner - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

Adblock - to surf the web without annoying ads!

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run.
• The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix

Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation:

Thank you!

Stay safe,

TwinHeadedEagle

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!