PC won't start and entering password does not work


Hi there,

I'm running Windows 10 (first mistake!!). I got an error pop-up saying "Windows will restart in one minute Windows has encountered a problem please save your work". After this Windows did restart, but when it did it gets to the login screen and allows me to enter my password, but when I do the cursor jumps back to the start of the text and is unresponsive. I have no way of getting to safe mode, as when I go to the restart (power) icon on the right of the screen it only gives me the option to shut down. Also, unfortunately, there are no restore points set up. I run Malwarebytes, Avira, Spybot, CCleaner, advance Windows care, so thought I was pretty safe.

Any advice or assistance would be very appreciated for this mess I have found myself in.

Many thanks in advance.


If you have access to a spare PC download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next,

Hold down the Shift key and boot your sick PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot", from the next window select "Advanced Options", and from there select "Command Prompt". Ensure to plug the flash drive into an open USB port...

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thanks,

Kevin...

Thank you for your advice, but this is the problem I am having. I am normally pretty good with a computer but this has stumped me, as when I boot and hold the shift key all that comes up is "do you want to turn on filter keys". I do have a spare laptop so am able to download software, but I have no way at the moment to be able to get to it on the sick PC!! Really annoying. Thank you again for taking the time to reply.


Do you have Windows 10 on a DVD or USB stick? If so, try booting from either media. At the Windows Setup screen select your language preference, then select "next". In the new screen select "repair your computer".

From there you should go to "Advanced Startup Options"; from there select "Troubleshoot", from the new screen select "Advanced Options", and from the new screen select "Command Prompt".

From there continue as per my reply #4.


No Windows on disc or USB, I got it as its free update. To be honest, wish I never had, as have had nothing but problems since I did update it. I have tried everything, all normal routes I would use to access safe mode or options or command prompt, but I can't even restart and shift from the login screen, as something is stopping me getting the option; it only gives me the "shutdown" option.


You can create a Windows 7 recovery CD and boot Windows 10 system to access recovery environment...

Create Windows 7 Repair Disc (CD) Instructions at the following link:

https://support.microsoft.com/en-us/help/17423/windows-7-create-system-repair-disc

Next,

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Plug the flash drive into the infected PC.

Next,

Enter System Recovery Options as follows:

To enter System Recovery Options by using Windows 7 Repair CD:
 
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin...


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by emma davidson (2016-08-01 11:07:15)
Running from C:\Users\emma davidson\AppData\Local\Temp\qd2sb22f.tmp
Windows 7 Home Premium Service Pack 1 (X64) (2016-07-30 13:15:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4073922747-2697754513-844342624-500 - Administrator - Disabled)
emma davidson (S-1-5-21-4073922747-2697754513-844342624-1002 - Administrator - Enabled) => C:\Users\emma davidson
Guest (S-1-5-21-4073922747-2697754513-844342624-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4073922747-2697754513-844342624-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\uTorrent) (Version: 3.4.8.42445 - BitTorrent Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.3.1.30415 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.5.5.2425 - Avira Operations GmbH & Co. KG)
BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Hola™ 1.15.82 - Better Internet (HKLM\...\Hola) (Version: 1.15.82 - Hola Networks Ltd.) <==== ATTENTION
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{562608FE-2051-4488-BF22-8CE4C03046AC}) (Version: 1.0.12 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}) (Version: 4.5.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.125 - IObit)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.1.5 - PandoraTV)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.1.0.28 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Safari (HKLM-x32\...\{A08BAD08-9AA3-410F-98F3-C92C8EE37218}) (Version: 5.34.54.16 - Apple Inc.)
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04495670-04D4-47BC-9154-BB7D62A06C82} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-07-14] (Avira Operations GmbH & Co. KG)
Task: {06E8F76D-B5E2-41A9-9A99-3086352C5C77} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {19D1F29B-C816-4751-95F4-35A7D92E496B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-10] (Hewlett-Packard Company)
Task: {2831A794-3124-415B-A575-2C8EC3CA3A16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {40CDD0F7-159E-4964-BC50-A6342C0DD9EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {5D73B828-797F-4F91-90FA-7E67F01989D9} - System32\Tasks\HPCeeScheduleForemma davidson => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {60C2B9B7-65CB-43CA-B687-433CC0FFE38D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-30] (Adobe Systems Incorporated)
Task: {643757D4-B977-4D40-8028-0B7DC45E6F5E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {6679D3EE-7942-48C1-8402-429AAC2CD1D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {6DD7FB9D-F99B-4023-9915-ED11BC6DE2FF} - System32\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {70AA37F9-FE65-445B-9A78-96BFBEA07A55} - System32\Tasks\ASC9_SkipUac_emma davidson => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-07-28] (IObit)
Task: {764C3A50-0FCD-4848-842E-FDABF2931E89} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {86A8D7F7-97A8-4F1D-A96E-597DDC456B31} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {974C44FB-8DA6-4BD2-BA63-52FEFDF5ED4C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation)
Task: {9A25E3E3-392C-4040-A8E6-D3C56613EF7F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-10] (Hewlett-Packard Company)
Task: {A04468BA-B334-4A79-AD41-E97F3661972C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: {A661E554-F01A-452E-A575-A256A054E4FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: {CCCD1F31-46D4-400A-A224-8B6E058A98DF} - System32\Tasks\Uninstaller_SkipUac_emma_davidson => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-24] (IObit)
Task: {D642F638-2F33-48EB-8082-0DBDCA450173} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {EAEA1213-781C-49EB-AEAA-03C58FB8F4FB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {EBCC3DFE-1600-40E8-AEE7-BA3297473397} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-29] ()
Task: {F14F8C01-7D35-470E-916F-867F96029520} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {FE829B80-C227-42DB-AA9B-C9BD630F9A52} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-07-20] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForemma davidson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-09-28 14:19 - 2011-09-28 14:19 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-09-30 18:40 - 2011-09-30 18:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2011-09-28 14:19 - 2011-09-28 14:19 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 14:06 - 2011-09-28 14:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 21:42 - 2011-06-17 21:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-07-30 16:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-30 16:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-30 16:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-30 16:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-30 16:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-07-30 16:20 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-07-30 16:20 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-07-30 16:20 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-07-30 16:20 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2016-07-30 16:20 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2016-07-30 16:20 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-07-30 16:20 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2012-03-07 19:15 - 2012-03-07 19:15 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
2012-03-07 19:15 - 2012-03-07 19:15 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
2016-07-30 15:42 - 2016-06-28 09:23 - 01665024 _____ () C:\Program Files\Hola\app\chromium\49.0.2623.110\libglesv2.dll
2016-07-30 15:42 - 2016-06-28 09:23 - 00074752 _____ () C:\Program Files\Hola\app\chromium\49.0.2623.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4073922747-2697754513-844342624-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: GamesAppService => 3
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CD8B3301-C5E8-4319-8E9F-C73CCF354698}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE0995DA-699D-4BE0-A7A0-E82020B5A25F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CB7CD860-C4B1-4657-8280-9CA7C4A3B131}] => (Allow) LPort=2869
FirewallRules: [{B94A7292-BCF5-4935-A648-AD9D6A09A6F5}] => (Allow) LPort=1900
FirewallRules: [{7A0D0B03-796D-4DC7-BD5C-CB266B9AC579}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{72EA8F5E-A93A-4465-878A-AC364C1794E0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0E65082C-A64C-4B66-9257-689BF538B64A}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{EFF791D3-8243-4912-8DD5-E4620AC6D597}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{4C3E173A-40D1-404A-AB8B-6768F516F8E6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3F12571D-356E-4828-83B1-EE68B073E333}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{219DFB33-3C11-4097-A662-B2305ECE4386}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A9A6D887-7AA4-4FF0-A536-4DB083D72E54}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9EB8607-5AC7-4A2B-A3C6-EFAA2EBD815A}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2345E9AC-0552-4E71-8217-05FCBB2B5AF2}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1B7FCBFC-64CF-4A22-BBFB-DDE0EEE6F402}] => (Allow) C:\Users\emma davidson\AppData\Roaming\uTorrent\uTorrent.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

30-07-2016 14:24:17 Installed Safari
30-07-2016 14:47:10 Avira System Speedup 2.5.5
30-07-2016 15:24:58 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
30-07-2016 23:27:04 Installed BBC iPlayer Downloads

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2016 10:29:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2016 09:58:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2016 10:53:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2016 09:14:15 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (07/30/2016 09:11:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2016 08:38:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2016 06:01:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPSFMsgr.exe version 6.0.0.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d6c

Start Time: 01d1ea7d95d74802

Termination Time: 83

Application Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe

Report Id: 20889eb1-5677-11e6-a3c9-ec9a7458f505

Error: (07/30/2016 04:04:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent-3-4-6-build-42178.exe, version: 0.0.0.0, time stamp: 0x570431a2
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
Exception code: 0xc0000005
Fault offset: 0x0003e991
Faulting process id: 0x1f04
Faulting application start time: 0xuTorrent-3-4-6-build-42178.exe0
Faulting application path: uTorrent-3-4-6-build-42178.exe1
Faulting module path: uTorrent-3-4-6-build-42178.exe2
Report Id: uTorrent-3-4-6-build-42178.exe3

Error: (07/30/2016 03:25:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Avira.SystemSpeedup.UI.Application.exe version 2.5.5.2425 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14f0

Start Time: 01d1ea6c8c695047

Termination Time: 4236

Application Path: C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Application.exe

Report Id: 585b9f13-5661-11e6-a3c9-ec9a7458f505

Error: (07/30/2016 03:10:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/01/2016 10:57:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (08/01/2016 10:18:27 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/01/2016 09:58:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (07/31/2016 10:53:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Phantom VPN service to connect.

Error: (07/31/2016 10:52:26 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000020, 0xfffffa8006326170, 0xfffffa8006326190, 0x0000000004020003)C:\Windows\MEMORY.DMP073116-22120-01

Error: (07/31/2016 10:52:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:51:06 on 31/07/2016 was unexpected.

Error: (07/31/2016 08:49:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hola_svc service.

Error: (07/30/2016 11:23:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hola_svc service.

Error: (07/30/2016 09:10:17 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000020, 0xfffffa8006e91290, 0xfffffa8006e912b0, 0x0000000004020008)C:\Windows\MEMORY.DMP073016-16894-01

Error: (07/30/2016 09:10:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:56:43 on 30/07/2016 was unexpected.


==================== Memory info =========================== 

Processor: AMD E2-3000M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3561.41 MB
Available physical RAM: 1044.42 MB
Total Virtual: 7121.01 MB
Available Virtual: 2514.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.79 GB) (Free:389.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:19.81 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

==================== MBR & Partition Table ==================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by emma davidson (administrator) on EMMADAVIDSON-HP (01-08-2016 11:05:05)
Running from C:\Users\emma davidson\AppData\Local\Temp\qd2sb22f.tmp
Loaded Profiles: emma davidson (Available Profiles: emma davidson)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: "C:\Program Files (x86)\Safari\Safari.exe" -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2160816 2016-07-20] (Hola Networks Ltd.) <===== ATTENTION
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831064 2016-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [17008 2016-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2023712 2016-07-27] (IObit)
HKU\S-1-5-21-4073922747-2697754513-844342624-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-15] (EasyBits Software Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4FEC5B48-9713-4AE2-8D5E-022965A998FE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C28C5DBE-2B8D-4CC7-B5B8-26ED8F9DFF4A}: [DhcpNameServer] 40.22.1.201 40.22.1.202

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2
HKU\S-1-5-21-4073922747-2697754513-844342624-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/2
HKU\S-1-5-21-4073922747-2697754513-844342624-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {6CFE476D-5A9B-4DA2-9845-BBB998B54DB2} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL [2011-07-25] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-4073922747-2697754513-844342624-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\emma davidson\AppData\Roaming\Mozilla\Firefox\Profiles\SlCRBLyi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-30] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-30] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\emma davidson\AppData\Roaming\Mozilla\Firefox\Profiles\SlCRBLyi.default\Extensions\abs@avira.com [2016-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2016-07-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2016-08-01] [not signed]

Chrome: 
=======
CHR Profile: C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-31]
CHR Extension: (Google Drive) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-31]
CHR Extension: (YouTube) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-31]
CHR Extension: (Avira Browser Safety) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-31]
CHR Extension: (Google Docs Offline) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-31]
CHR Extension: (ModHeader) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-07-31]
CHR Extension: (Norton Security Toolbar) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2016-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-31]
CHR Extension: (Gmail) - C:\Users\emma davidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-03-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [452384 2016-07-25] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [472112 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [472112 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [231256 2016-07-13] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [5615792 2016-07-20] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5615792 2016-07-20] (Hola Networks Ltd.) <==== ATTENTION
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [27632 2016-07-14] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-07-18] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-10] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-01 11:04 - 2016-08-01 11:05 - 00000000 ____D C:\FRST
2016-07-31 22:52 - 2016-07-31 22:52 - 362451605 _____ C:\Windows\MEMORY.DMP
2016-07-31 22:52 - 2016-07-31 22:52 - 00274968 _____ C:\Windows\Minidump\073116-22120-01.dmp
2016-07-31 22:41 - 2016-07-31 22:41 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\WinRAR
2016-07-31 22:31 - 2016-07-31 22:31 - 01992496 _____ C:\Users\emma davidson\Downloads\winrar-x64-531 (1).exe
2016-07-31 22:31 - 2016-07-31 22:31 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-07-31 22:31 - 2016-07-31 22:31 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-31 22:31 - 2016-07-31 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-31 22:31 - 2016-07-31 22:31 - 00000000 ____D C:\Program Files\WinRAR
2016-07-31 22:30 - 2016-07-31 22:30 - 01992496 _____ C:\Users\emma davidson\Downloads\winrar-x64-531.exe
2016-07-31 22:29 - 2016-07-31 22:41 - 00000000 ____D C:\Users\emma davidson\Downloads\Melbourne.International.Comedy.Festival.2016.Gala.PDTV.x264-CBFM
2016-07-31 22:28 - 2016-07-31 22:28 - 00017404 _____ C:\Users\emma davidson\Downloads\Melbourne.International.Comedy.Festival.2016.Gala.PDTV.x264-CBFM.torrent
2016-07-31 22:25 - 2016-07-31 22:25 - 00034266 _____ C:\Users\emma davidson\Downloads\Channel.4s.Comedy.Gala.2016.XviD-AFG.torrent
2016-07-31 22:24 - 2016-07-31 22:24 - 00014960 _____ C:\Users\emma davidson\Downloads\Channel.4s.Comedy.Gala.2016.480p.x264-mSD (1).torrent
2016-07-31 22:19 - 2016-07-31 22:19 - 00014960 _____ C:\Users\emma davidson\Downloads\Channel.4s.Comedy.Gala.2016.480p.x264-mSD.torrent
2016-07-31 20:53 - 2016-07-31 20:53 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Avira_Operations_GmbH_&_C
2016-07-31 16:31 - 2016-07-31 16:31 - 00000606 _____ C:\Users\emma davidson\Desktop\KMPlayer.lnk
2016-07-31 16:31 - 2016-07-31 16:31 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2016-07-31 16:30 - 2016-07-31 22:41 - 00000000 ____D C:\KMPlayer
2016-07-31 16:18 - 2016-07-31 16:18 - 00000933 _____ C:\Users\emma davidson\Desktop\Downloads.lnk
2016-07-31 14:52 - 2016-07-31 14:53 - 00000000 ____D C:\Users\emma davidson\Downloads\True.Detective.S02.HDTV.XviD-AFG
2016-07-31 14:48 - 2016-07-31 14:50 - 00000000 ____D C:\Users\emma davidson\Downloads\Jeff.Ross.Presents.Roast.Battle.S01E01.720p.HEVC.x265-MeGusta
2016-07-31 14:48 - 2016-07-31 14:49 - 00000000 ____D C:\Users\emma davidson\Downloads\Jeff.Ross.Presents.Roast.Battle.S01E02.720p.HEVC.x265-MeGusta
2016-07-31 14:48 - 2016-07-31 14:48 - 00000000 ____D C:\Users\emma davidson\Downloads\Jeff.Ross.Presents.Roast.Battle.S01E03.XviD-AFG
2016-07-30 23:28 - 2016-07-30 23:28 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\BBCiPlayerDownloads
2016-07-30 23:27 - 2016-07-30 23:27 - 00001226 _____ C:\Users\emma davidson\Desktop\BBC iPlayer Downloads.lnk
2016-07-30 23:27 - 2016-07-30 23:27 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2016-07-30 23:27 - 2016-07-30 23:27 - 00000000 ____D C:\Users\emma davidson\AppData\Local\BBC
2016-07-30 20:37 - 2016-07-31 22:52 - 00000000 ____D C:\Windows\Minidump
2016-07-30 18:34 - 2016-07-30 18:49 - 00000000 ____D C:\Users\emma davidson\Downloads\Soaked.in.Bleach.2015.720p.BluRay.DD5.1.x264-playHD
2016-07-30 18:34 - 2016-07-30 18:34 - 00000000 ____D C:\Users\emma davidson\Downloads\The.Fundamentals.of.Caring.2016.HDRip.XviD.AC3-EVO
2016-07-30 16:20 - 2016-07-30 16:29 - 00002262 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-07-30 16:20 - 2016-07-30 16:23 - 00000000 ____D C:\Users\emma davidson\AppData\LocalLow\IObit
2016-07-30 16:20 - 2016-07-30 16:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\ProductData
2016-07-30 16:20 - 2016-07-30 16:20 - 00003210 _____ C:\Windows\System32\Tasks\ASC9_PerformanceMonitor
2016-07-30 16:20 - 2016-07-30 16:20 - 00002934 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_emma_davidson
2016-07-30 16:20 - 2016-07-30 16:20 - 00002898 _____ C:\Windows\System32\Tasks\ASC9_SkipUac_emma davidson
2016-07-30 16:20 - 2016-07-30 16:20 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-07-30 16:20 - 2016-07-30 16:20 - 00001354 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\ProductData
2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-07-30 16:20 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-07-30 16:19 - 2016-07-30 16:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\IObit
2016-07-30 16:19 - 2016-07-30 16:20 - 00000000 ____D C:\ProgramData\IObit
2016-07-30 16:19 - 2016-07-30 16:20 - 00000000 ____D C:\Program Files (x86)\IObit
2016-07-30 16:19 - 2016-07-30 16:19 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-30 16:17 - 2016-07-31 16:20 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\vlc
2016-07-30 16:17 - 2016-07-30 16:17 - 00001011 _____ C:\Users\emma davidson\Desktop\Hola.lnk
2016-07-30 16:16 - 2016-07-30 16:16 - 00001250 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2016-07-30 16:16 - 2016-07-30 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-07-30 16:16 - 2016-07-30 16:16 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2016-07-30 16:15 - 2016-07-30 16:15 - 00001391 _____ C:\Users\emma davidson\Desktop\Spybot-S&D Start Center.lnk
2016-07-30 16:15 - 2016-07-30 16:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-07-30 16:15 - 2016-07-30 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-30 16:14 - 2016-07-30 16:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-30 16:14 - 2016-07-30 16:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-30 16:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-07-30 16:11 - 2016-07-30 16:11 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-30 16:11 - 2016-07-30 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-30 16:11 - 2016-07-30 16:11 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-07-30 16:09 - 2016-07-31 22:42 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\uTorrent
2016-07-30 16:09 - 2016-07-31 22:32 - 00000000 ___SD C:\Users\emma davidson\AppData\LocalLow\Temp
2016-07-30 16:09 - 2016-07-30 16:09 - 00002676 _____ C:\Users\emma davidson\Desktop\µTorrent.lnk
2016-07-30 16:08 - 2016-07-30 16:08 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Avira
2016-07-30 16:04 - 2016-07-31 16:33 - 00000000 ____D C:\Users\emma davidson\AppData\Local\CrashDumps
2016-07-30 15:44 - 2016-08-01 10:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-30 15:44 - 2016-07-30 15:44 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-30 15:44 - 2016-07-30 15:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-30 15:44 - 2016-07-30 15:44 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-30 15:43 - 2016-07-30 15:45 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Adobe
2016-07-30 15:42 - 2016-07-30 15:42 - 00001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola.lnk
2016-07-30 15:42 - 2016-07-30 15:42 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Hola
2016-07-30 15:42 - 2016-07-30 15:42 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Chromium
2016-07-30 15:42 - 2016-07-30 15:42 - 00000000 ____D C:\Program Files\Hola
2016-07-30 15:13 - 2016-07-30 15:13 - 00000000 ____D C:\Users\emma davidson\AppData\Local\AviraSpeedup
2016-07-30 15:12 - 2016-07-30 20:37 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$.job
2016-07-30 15:12 - 2016-07-30 15:12 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEMMADAVIDSON-HP$
2016-07-30 15:12 - 2016-07-30 15:12 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-07-30 15:12 - 2016-07-30 15:12 - 00001040 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-07-30 15:12 - 2016-07-30 15:12 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Avira
2016-07-30 15:11 - 2016-07-30 15:17 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2016-07-30 14:50 - 2016-07-30 14:50 - 00001143 _____ C:\Users\Public\Desktop\Avira System Speedup.lnk
2016-07-30 14:47 - 2016-07-30 14:49 - 00000000 ____D C:\de101f08bb075b00758dc32cd4d8f5
2016-07-30 14:46 - 2016-08-01 10:58 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-07-30 14:46 - 2016-07-30 14:46 - 00003364 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2016-07-30 14:46 - 2016-07-30 14:46 - 00002820 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-07-30 14:46 - 2016-07-30 14:46 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-30 14:46 - 2016-07-30 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-30 14:46 - 2016-07-30 14:46 - 00000000 ____D C:\Program Files\CCleaner
2016-07-30 14:45 - 2016-07-30 14:45 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-30 14:40 - 2016-08-01 10:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-30 14:40 - 2016-08-01 10:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-30 14:40 - 2016-07-30 14:50 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 14:40 - 2016-07-30 14:50 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-30 14:40 - 2016-07-30 14:47 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Google
2016-07-30 14:39 - 2016-07-30 14:46 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-30 14:37 - 2016-08-01 10:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-30 14:37 - 2016-07-18 16:23 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-07-30 14:37 - 2016-07-18 16:23 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-07-30 14:37 - 2016-07-18 16:23 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-07-30 14:37 - 2016-07-18 16:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-07-30 14:36 - 2016-07-30 14:36 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-30 14:36 - 2016-07-30 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-30 14:36 - 2016-07-30 14:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-30 14:36 - 2016-07-30 14:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-30 14:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-30 14:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-30 14:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-30 14:31 - 2016-07-30 14:31 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Mozilla
2016-07-30 14:29 - 2016-07-30 15:13 - 00000000 ____D C:\ProgramData\Avira
2016-07-30 14:29 - 2016-07-30 15:12 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-30 14:29 - 2016-07-30 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-30 14:29 - 2016-07-30 14:29 - 00001206 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-30 14:28 - 2016-07-30 14:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-30 14:26 - 2016-07-31 17:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Apple Computer
2016-07-30 14:26 - 2016-07-30 15:54 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Apple Computer
2016-07-30 14:26 - 2016-07-30 14:26 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-07-30 14:26 - 2016-07-30 14:26 - 00002491 _____ C:\Users\Public\Desktop\Safari.lnk
2016-07-30 14:26 - 2016-07-30 14:26 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-30 14:26 - 2016-07-30 14:26 - 00000000 ____D C:\Program Files (x86)\Safari
2016-07-30 14:24 - 2016-07-30 14:24 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Apple
2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\ProgramData\Apple
2016-07-30 14:24 - 2016-07-30 14:24 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-07-30 14:22 - 2016-07-30 15:12 - 00057960 _____ C:\Users\emma davidson\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-30 14:22 - 2016-07-30 14:22 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Macromedia
2016-07-30 14:21 - 2016-07-30 14:21 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\ATI
2016-07-30 14:21 - 2016-07-30 14:21 - 00000000 ____D C:\Users\emma davidson\AppData\Local\ATI
2016-07-30 14:21 - 2016-07-30 14:21 - 00000000 ____D C:\Users\emma davidson\AppData\Local\AMD
2016-07-30 14:20 - 2016-07-30 23:28 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Adobe
2016-07-30 14:20 - 2016-07-30 14:20 - 00001409 _____ C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-07-30 14:20 - 2016-07-30 14:20 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Synaptics
2016-07-30 14:19 - 2016-08-01 09:56 - 00000364 _____ C:\Windows\Tasks\HPCeeScheduleForemma davidson.job
2016-07-30 14:19 - 2016-07-31 22:56 - 00003234 _____ C:\Windows\System32\Tasks\HPCeeScheduleForemma davidson
2016-07-30 14:19 - 2016-07-31 20:51 - 00003986 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{743FE513-EEA1-4EE6-BADE-2F4B3A0850B6}
2016-07-30 14:19 - 2016-07-30 14:20 - 00001443 _____ C:\Users\emma davidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-30 14:18 - 2016-07-31 22:28 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Hewlett-Packard
2016-07-30 14:17 - 2016-07-30 14:20 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\hpqlog
2016-07-30 14:17 - 2016-07-30 14:19 - 00003598 _____ C:\Windows\System32\Tasks\Registration
2016-07-30 14:17 - 2016-07-30 14:19 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Hewlett-Packard
2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ____D C:\Users\emma davidson\AppData\Local\RemEngine
2016-07-30 14:17 - 2016-07-30 14:17 - 00000000 ____D C:\Users\emma davidson\AppData\Local\Hewlett-Packard_Company
2016-07-30 14:16 - 2016-07-30 14:49 - 00000000 ____D C:\Users\emma davidson\AppData\Local\VirtualStore
2016-07-30 14:16 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-30 14:16 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-30 14:16 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-30 14:16 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-30 14:16 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-30 14:16 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-30 14:16 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-30 14:16 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-30 14:16 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-30 14:16 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-30 14:16 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-30 14:16 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-30 14:16 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-30 14:16 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-30 14:15 - 2016-07-31 22:56 - 00000000 ____D C:\Users\emma davidson
2016-07-30 14:15 - 2016-07-30 14:15 - 00000020 ___SH C:\Users\emma davidson\ntuser.ini
2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\My Documents
2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\Documents\My Videos
2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\Documents\My Pictures
2016-07-30 14:15 - 2016-07-30 14:15 - 00000000 _SHDL C:\Users\emma davidson\Documents\My Music
2016-07-30 14:15 - 2012-03-20 10:42 - 00000000 ____D C:\Users\emma davidson\AppData\Roaming\Media Center Programs
2016-07-13 15:53 - 2016-07-13 15:53 - 00036872 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-01 10:36 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-01 10:36 - 2009-07-14 05:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-01 10:34 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-01 10:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-08-01 10:28 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-01 10:22 - 2012-03-20 10:12 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-07-31 21:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-30 23:07 - 2009-07-14 06:32 - 00032768 _____ C:\Windows\system32\config\BCD-Template
2016-07-30 22:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-07-30 16:29 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther
2016-07-30 15:44 - 2011-10-15 07:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-30 15:44 - 2011-10-15 07:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-30 15:09 - 2009-07-14 05:45 - 00275112 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-30 15:00 - 2012-03-20 09:59 - 00765700 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-30 14:19 - 2011-02-10 20:23 - 00000000 ____D C:\SWSetup
2016-07-30 14:17 - 2011-10-15 07:27 - 00000000 ___RD C:\Program Files\Online Services
2016-07-30 14:17 - 2011-10-15 07:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-07-30 14:17 - 2011-10-15 07:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-07-30 14:17 - 2011-10-15 07:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-07-30 14:17 - 2011-10-15 07:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-07-30 14:17 - 2011-10-15 07:08 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-07-30 14:17 - 2011-10-15 07:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
2016-07-30 14:17 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-07-30 14:17 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-07-30 14:16 - 2012-03-20 10:12 - 00000000 ____D C:\ProgramData\Norton
2016-07-30 14:16 - 2011-02-10 20:23 - 00000000 ___HD C:\SYSTEM.SAV
2016-07-30 14:15 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-30 14:14 - 2012-03-20 09:48 - 00000056 ____H C:\Windows\SysWOW64\ezsidmv.dat

Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe


Some files in TEMP:
====================
C:\Users\emma davidson\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {0d56e759-56a2-11e6-aad2-e47ee23727ce}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {0d56e75d-56a2-11e6-aad2-e47ee23727ce}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {0d56e75d-56a2-11e6-aad2-e47ee23727ce}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0d56e759-56a2-11e6-aad2-e47ee23727ce}
nx                      OptIn
detecthal               Yes

Windows Boot Loader
-------------------
identifier              {0d56e75d-56a2-11e6-aad2-e47ee23727ce}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{0d56e75e-56a2-11e6-aad2-e47ee23727ce}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{0d56e75e-56a2-11e6-aad2-e47ee23727ce}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {0d56e759-56a2-11e6-aad2-e47ee23727ce}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {0d56e75e-56a2-11e6-aad2-e47ee23727ce}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

LastRegBack: 2016-07-30 20:29

==================== End of FRST.txt ==========


There are two security systems installed but currently disabled, Avira and Norton IS. There is also IOBit and Spybot S & D. You will have to decide which of the two main security programs you want to keep and enable, Avira or NIS...

To remove Avira use this link - http://www.avira.com/en/support-for-home-knowledgebase-detail?kbid=88

To remove NIS use this link - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&pvid=f-home

The following should also be UNinstalled:

Hola™ 1.15.82
IObit
Spybot S & D.


Use the following UNinstaller tool to remove the above three programs:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool; the main GUI will populate with the installed programs list.

Left click on the program name to highlight that entry.

Select Action from the Menu bar, then Uninstall, and from there follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

When you have that sorted out re-boot your system....

Next,

Zip up and attach the following folder:

C:\Windows\Minidump

Next,

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two new logs....