Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Constant busy signal after opening internet [Closed]

mozilla busy ctrl alt delete

  • This topic is locked This topic is locked

#1
Beegjeem

Beegjeem

    New Member

  • Member
  • Pip
  • 6 posts

My computer seems to be having some issues. Anytime I try to open specifically mozilla firefox my computer begins to go into thinking mode and basically freezes up my ability to click on anything (though i can move my mouse around).

I tried to run my avast smart scan and when that didnt work (it didnt get passed the add-ons portion) i came to these forums and started downloading and trying a number of junk removal programs including combofix, junk removal, adcleaner, panda, avg. Ive finally given in though as the problem still persists.

 

-I can work in Google Chrome for some reason.

 

Your help would be much appreciated.

 

Here is my FRST/addition log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by Leah (administrator) on LEAH-PC (21-05-2016 08:41:25)
Running from C:\Users\Leah\Desktop
Loaded Profiles: Leah (Available Profiles: Leah)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2011-12-01] (Intel® Corporation)
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1896656 2016-01-11] (Magic Control Technology Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-08] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Run: [Google Update] => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-26] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-04-26]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{52CE0747-8895-4849-B152-EEBEC8D4F82B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{5F778D39-3EDB-4894-B6FD-25373D063BA7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A2B969B0-A4F4-4EF7-9AC6-AE51A85E54D9}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-176779348-953494555-136863877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-176779348-953494555-136863877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-176779348-953494555-136863877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_tb
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-26] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-26] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-176779348-953494555-136863877-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\p9t3a6rl.default
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: 
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-20] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Leah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @talk.google.com/O1DPlugin -> C:\Users\Leah\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Leah\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Leah\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=840_pr__alt__ddc_dsssyc_bd_com"
CHR Plugin: (Shockwave Flash) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\Leah\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google Search) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-07]
CHR Extension: (Avast Online Security) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Todo.ly) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2012-08-31]
CHR Extension: (Gmail) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-26]
StartMenuInternet: Google Chrome.BMIN4BP3UXMWY3K5UM55SOK5Q4 - C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-26] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-26] (Avast Software)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2011-11-30] (Red Bend Ltd.) [File not signed]
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
S2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.)
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2011-11-30] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-26] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-26] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-26] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-08] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-26] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-26] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [172752 2016-01-12] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 MctUsbAudio; C:\Windows\System32\DRIVERS\MctFlt.sys [22320 2015-03-10] (Windows ® Win 7 DDK provider)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-26] (AVAST Software)
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
S1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
S1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [80592 2016-03-14] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.)
S2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 t5usb64; C:\Windows\System32\drivers\t5usb64.sys [141064 2016-01-19] (Magic Control Technology Corporation)
S2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-26] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 08:41 - 2016-05-21 08:42 - 00021817 _____ C:\Users\Leah\Desktop\FRST.txt
2016-05-21 08:40 - 2016-05-21 08:40 - 02382336 _____ (Farbar) C:\Users\Leah\Desktop\FRST64.exe
2016-05-21 08:37 - 2016-05-21 08:41 - 00000000 ____D C:\FRST
2016-05-21 08:37 - 2016-05-21 08:37 - 02382336 _____ (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2016-05-20 08:51 - 2016-05-20 08:51 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-19 21:45 - 2016-05-19 21:45 - 00000000 ____D C:\Users\Leah\AppData\Roaming\Panda Security
2016-05-19 21:45 - 2015-05-22 04:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-05-19 21:44 - 2016-05-19 21:45 - 00002199 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-05-19 21:44 - 2016-05-19 21:45 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-05-19 21:44 - 2016-05-19 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-05-19 21:42 - 2016-05-19 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2016-05-19 21:42 - 2016-05-19 21:42 - 02252720 _____ (Panda Security, S.L.) C:\Users\Leah\Downloads\PANDAFREEAV.exe
2016-04-26 23:36 - 2016-04-26 23:36 - 00003444 _____ C:\Users\Leah\Desktop\JRT.txt
2016-04-26 23:34 - 2016-04-26 23:34 - 01610008 _____ (Malwarebytes) C:\Users\Leah\Downloads\JRT.exe
2016-04-26 23:25 - 2016-04-26 23:25 - 00000000 ____D C:\Users\Leah\AppData\Local\CEF
2016-04-26 23:15 - 2016-04-26 23:15 - 00001101 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-04-26 23:15 - 2016-04-26 23:15 - 00001061 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-04-26 23:15 - 2016-04-26 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-04-26 23:15 - 2016-04-26 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-04-26 23:15 - 2016-04-26 23:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-26 23:15 - 2016-04-26 23:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-04-26 23:14 - 2016-04-26 23:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-26 23:13 - 2016-04-26 23:13 - 02622792 _____ (Kaspersky Lab) C:\Users\Leah\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-26 22:48 - 2016-04-26 22:48 - 00000000 ____D C:\KVRT_Data
2016-04-26 22:47 - 2016-04-26 22:48 - 94827432 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Downloads\KVRT.exe
2016-04-23 09:58 - 2016-04-23 09:58 - 00023957 _____ C:\ComboFix.txt
2016-04-23 09:46 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-23 09:46 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-23 09:46 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-23 09:44 - 2016-04-23 09:58 - 00000000 ____D C:\Qoobox
2016-04-23 09:43 - 2016-04-23 09:56 - 00000000 ____D C:\Windows\erdnt
2016-04-23 09:43 - 2016-04-23 09:43 - 05660058 ____R (Swearware) C:\Users\Leah\Downloads\ComboFix.exe
2016-04-23 09:42 - 2016-04-23 09:42 - 37409400 _____ (Malwarebytes ) C:\Users\Leah\Downloads\MBARW_Setup.exe
2016-04-23 09:05 - 2016-04-23 09:08 - 00000000 ____D C:\AdwCleaner
2016-04-23 09:05 - 2016-04-23 09:05 - 03683904 _____ C:\Users\Leah\Downloads\AdwCleaner.exe
2016-04-23 08:25 - 2016-04-23 08:25 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\Users\Leah\AppData\Local\MFAData
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\ProgramData\MFAData
2016-04-23 08:23 - 2016-04-23 08:25 - 00000000 ____D C:\ProgramData\Avg
2016-04-23 08:23 - 2016-04-23 08:25 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-23 08:22 - 2016-04-23 08:25 - 00000000 ____D C:\Users\Leah\AppData\Local\AvgSetupLog
2016-04-23 08:22 - 2016-04-23 08:22 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Leah\Downloads\AVG_Protection_1472.exe
2016-04-23 08:22 - 2016-04-23 08:22 - 00000000 ____D C:\Users\Leah\AppData\Local\Avg
2016-04-23 07:08 - 2016-04-26 22:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 07:08 - 2016-04-23 07:08 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-23 07:08 - 2016-04-23 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-23 07:08 - 2016-04-23 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-23 07:08 - 2016-04-23 07:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-23 07:08 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-23 07:08 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-23 07:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-23 07:07 - 2016-04-23 07:07 - 22851472 _____ (Malwarebytes ) C:\Users\Leah\Downloads\mbam-setup-2.2.1.1043.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 08:32 - 2015-10-27 07:22 - 03076606 _____ C:\Windows\ntbtlog.txt
2016-05-21 08:13 - 2012-08-21 18:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 08:11 - 2015-10-26 18:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 08:11 - 2012-08-21 19:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA.job
2016-05-21 03:59 - 2009-07-14 00:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 03:59 - 2009-07-14 00:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-20 21:11 - 2015-10-26 18:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 17:37 - 2015-11-06 20:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-20 17:30 - 2015-12-09 22:27 - 00002812 _____ C:\Windows\system32\GManager.ini
2016-05-20 17:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 17:23 - 2012-08-21 19:32 - 00002370 _____ C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-20 10:55 - 2015-10-26 18:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-20 08:54 - 2012-08-21 18:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-20 08:53 - 2012-08-21 18:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-20 08:53 - 2012-08-21 18:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-20 07:41 - 2009-07-14 00:45 - 00531656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-19 21:45 - 2012-08-20 20:57 - 00133664 _____ C:\Users\Leah\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-19 21:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-19 21:21 - 2012-08-21 19:31 - 00000000 ____D C:\Users\Leah\AppData\Local\Google
2016-05-19 21:06 - 2015-10-26 18:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-19 21:06 - 2015-10-26 18:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-19 21:06 - 2012-08-21 19:31 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA
2016-05-19 21:06 - 2012-08-21 19:31 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core
2016-05-19 21:06 - 2012-08-21 19:31 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core.job
2016-04-23 09:54 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-04-23 09:08 - 2014-07-10 08:34 - 00000000 ____D C:\Users\Leah\AppData\Roaming\Yahoo!
2016-04-23 09:08 - 2014-07-10 08:34 - 00000000 ____D C:\Users\Leah\AppData\LocalLow\Yahoo!
2016-04-23 09:08 - 2014-07-10 08:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-04-23 07:27 - 2010-11-21 03:17 - 00000000 ____D C:\Windows\CSC
2016-04-21 22:03 - 2012-08-21 21:35 - 00000000 ____D C:\Users\Leah\AppData\Roaming\vlc
2016-04-21 15:05 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\Leah\KENPAVE.exe
 
 
Some files in TEMP:
====================
C:\Users\Leah\AppData\Local\Temp\avguirn_08248499285.exe
C:\Users\Leah\AppData\Local\Temp\{13066A6E-1E0A-4A84-8329-F6F80CED133A}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-29 00:29
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Leah (2016-05-21 08:42:24)
Running from C:\Users\Leah\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-08-21 00:46:03)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-176779348-953494555-136863877-500 - Administrator - Disabled)
Guest (S-1-5-21-176779348-953494555-136863877-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176779348-953494555-136863877-1002 - Limited - Enabled)
Leah (S-1-5-21-176779348-953494555-136863877-1000 - Administrator - Enabled) => C:\Users\Leah
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.51.2.3593 - AVG Technologies)
AVG Zen (Version: 1.51.58 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.00.0000 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.8.33771 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Juniper_Setup_Client) (Version: 8.0.8.52215 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Juniper_Term_Services) (Version: 8.0.8.33771 - Juniper Networks)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{A19807B6-6057-456E-A560-A2A04862C1C6}) (Version: 1.5.1.202 - Kaspersky Lab)
Kaspersky Software Updater Beta (x32 Version: 1.5.1.202 - Kaspersky Lab) Hidden
KENPAVE (HKLM-x32\...\ST6UNST #1) (Version:  - )
K-Lite Codec Pack 9.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Logos 5 Prerequisites (HKLM-x32\...\{6DA1E579-2E4D-4AF4-85F5-FB73C6531610}) (Version: 5.16.0880 - Logos Bible Software)
Logos Bible Software 5 (HKLM-x32\...\{BC8CB361-6566-4EDB-87BE-4B470AE664A0}) (Version: 5.16.950 - Logos Bible Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mathcad 15 M010 (HKLM-x32\...\{8FD0167F-A752-467A-86BE-3728D71F68B8}) (Version: 15.0.1.0 - PTC)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Mathcad Prime 2.0 (HKLM\...\{1D9A78F1-FDC7-45D8-8145-B6462CA82240}) (Version: 2.0 - PTC)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
On-Screen Takeoff (HKLM-x32\...\{8BF3AF44-C518-4236-BD62-E637D86C6C16}) (Version: 3.8.3.203 - On Center Software, Inc.)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security)
Panda Free Antivirus (Version: 8.21.00 - Panda Security) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trigger External Graphics Family 16.01.0113.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.01.0113.0179 - MCT Corp)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14EDAF2D-AA23-4475-9725-0B97892641AB} - \Yahoo! Search -> No File <==== ATTENTION
Task: {177BDA36-E75B-47AE-BD4D-709D4E38E157} - System32\Tasks\{60293089-BBCD-460D-8DDA-A5538FF0A636} => pcalua.exe -a "C:\Users\Leah\Downloads\setup (1).exe" -d C:\Users\Leah\Downloads
Task: {1B71C1F6-8417-421E-BC2A-0CFC742746B5} - \DriverRestore_ScheduledScan -> No File <==== ATTENTION
Task: {1D7A18BF-579C-4D1D-9CF6-DA836609EF9D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {31E411E0-6C80-4324-B275-0F40508A1228} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {48D9219E-76DC-46E3-99AC-9336C34EBF4A} - System32\Tasks\{D9D83C7C-76F5-429E-96A4-84EE10389AC9} => pcalua.exe -a D:\setup.exe -d D:\
Task: {52643C01-CAB1-42AB-83D4-F0141D9F7804} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {57B1480F-8F58-480C-BAB5-7A7F19426118} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-26] (AVAST Software)
Task: {8EE5B3E3-0475-4492-A002-A2AE70AF1295} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {C535B57A-2A7B-4EE1-9DF3-4708229A70FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {E71962A2-68A3-4459-A5CD-7139BA2ECCF9} - \DriverRestore_DailyScan -> No File <==== ATTENTION
Task: {F12D05DF-3C66-4C13-B960-DD87D5212C1F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F3B136BD-42F1-40EB-9B6B-CB1CD98A03A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {FF18F2E3-DF33-4342-8F76-303709083632} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core.job => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA.job => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-15 13:17 - 2015-12-15 13:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-20 17:22 - 2016-05-11 07:48 - 17565848 _____ () C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-04-23 09:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-176779348-953494555-136863877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9B8C7432-D288-437F-BC22-D7A87AD1685D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{5D5C6FB7-4839-4C8D-8732-BB95C7CA80F3}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{CC3EC1F1-F333-41E7-8F3F-4979EAAED081}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{1EE7F594-8D3E-4CF2-BDBF-927623A5DDA9}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{08DA7E6B-FB84-4E53-B500-390B3050532E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5F9B15BF-1CA0-43AB-925A-DC2F649AF886}C:\users\leah\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\leah\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{154A8445-0054-4831-BAD7-D4F01F21C7C6}C:\users\leah\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\leah\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D5271DA2-135B-47BE-A499-F36D42F69326}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F72F418C-059E-4451-B879-8401A6886CB1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{00ADA3E7-6A78-4D17-AC6E-0A5BCEA0068A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3CA5CD24-C610-48D2-B0EE-70B72A8AF767}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C94DDD0E-2B68-4D85-BB9C-4A6052B0E289}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{761CE9E2-81EF-4941-A936-E36EEB743F4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7687810-CF0C-493F-B0BC-66BE2A892013}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B39A3BD2-DACB-49B7-9208-72867C07ED20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EE82305-AF78-4833-BF7A-8F8F8C888D1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7C5C4C04-C1F8-4097-AF47-C7A475590D86}C:\users\leah\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\leah\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{653A7600-49C7-400A-93B6-5BD3F8EFD4F7}C:\users\leah\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\leah\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D84B72AF-6E17-4740-94F6-56E2D3CD8B1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35C3585F-C707-43FC-9883-C77F4FDC140C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{818A7530-C9C2-48E6-AA2D-1A6D12688D17}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
21-05-2016 00:00:08 Scheduled Checkpoint
21-05-2016 02:37:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PLDS DVD+-RW DS-8A8SH ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2016 08:32:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 08:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 05:32:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.1.1.2, time stamp: 0x4f746f5a
Faulting module name: MurocApi.dll, version: 15.1.1.1, time stamp: 0x4f746e76
Exception code: 0xc0000005
Fault offset: 0x000000000002be1b
Faulting process id: 0x1274
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (05/20/2016 05:32:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 10:53:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Kaspersky Security Scan because of this error.
 
Program: Kaspersky Security Scan
File: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (05/20/2016 10:53:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: kss.exe, version: 16.0.0.1344, time stamp: 0x566fed39
Faulting module name: libcef.dll, version: 3.2357.1281.0, time stamp: 0x559bdb75
Exception code: 0xc0000006
Fault offset: 0x0010e60c
Faulting process id: 0x8f4
Faulting application start time: 0xkss.exe0
Faulting application path: kss.exe1
Faulting module path: kss.exe2
Report Id: kss.exe3
 
Error: (05/20/2016 08:50:33 AM) (Source: ESENT) (EventID: 104) (User: )
Description: wuaueng.dll (1228) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090).
 
Error: (05/20/2016 08:35:57 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1228) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1078788096 (0x00000000404d0000) for 32768 (0x00008000) bytes failed after wuaueng.dll0 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/20/2016 08:35:57 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1228) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1087799296 (0x0000000040d68000) for 32768 (0x00008000) bytes failed after wuaueng.dll0 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (05/20/2016 08:35:57 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (1228) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1087766528 (0x0000000040d60000) for 32768 (0x00008000) bytes failed after wuaueng.dll0 seconds with system error 1117 (0x0000045d): "The request could not be performed because of an I/O device error. ".  The write operation will fail with error -1022 (0xfffffc02).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
 
System errors:
=============
Error: (05/21/2016 08:42:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 08:42:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-04-23 09:54:04.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-23 09:54:04.316
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 16%
Total physical RAM: 8094.36 MB
Available physical RAM: 6789.46 MB
Total Virtual: 16186.9 MB
Available Virtual: 14954.93 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:633.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E75DA0BD)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

In addition to the following I can also see AVG and Kaspersky.... Using more than one AV will slow the system down and can cause freezes
 

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}


Which one do you wish to keep let me know and I will assist in the removal of the others


  • 0

#3
Beegjeem

Beegjeem

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Id like to keep Panda. 


  • 0

#4
Beegjeem

Beegjeem

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Id note that i only had avast when the problem occurred. The same problem has persisted


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the following removal tools to your desktop :

http://www.avg.com/gb-en/utilities
http://www.avast.com...install-utility
http://support.kaspe.../common/service

Then uninstall Avast, AVG and Kaspersky via control panel

Rebooting after each
When they are all uninstalled
Then run each removal tool in turn rebooting after each

Once you have done that then please run FRST again and post both new logs
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#6
Beegjeem

Beegjeem

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok I believe I completed the mentioned steps. 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by Leah (administrator) on LEAH-PC (21-05-2016 15:25:04)
Running from C:\Users\Leah\Desktop
Loaded Profiles: Leah (Available Profiles: Leah)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Windows\System32\GManager.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Windows\System32\mlpatch.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1626112 2011-12-01] (Intel® Corporation)
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1896656 2016-01-11] (Magic Control Technology Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Run: [Google Update] => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-26] (Google Inc.)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{52CE0747-8895-4849-B152-EEBEC8D4F82B}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{5F778D39-3EDB-4894-B6FD-25373D063BA7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A2B969B0-A4F4-4EF7-9AC6-AE51A85E54D9}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-176779348-953494555-136863877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-176779348-953494555-136863877-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-176779348-953494555-136863877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_tb
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-10-26] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-10-26] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-176779348-953494555-136863877-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Leah\AppData\Roaming\Mozilla\Firefox\Profiles\p9t3a6rl.default
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: 
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-20] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-10-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Leah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @talk.google.com/O1DPlugin -> C:\Users\Leah\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-176779348-953494555-136863877-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Leah\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Leah\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=840_pr__alt__ddc_dsssyc_bd_com"
CHR Plugin: (Shockwave Flash) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Users\Leah\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-05]
CHR Extension: (YouTube) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-27]
CHR Extension: (Google Search) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Todo.ly) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap [2012-08-31]
CHR Extension: (Gmail) - C:\Users\Leah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-27]
StartMenuInternet: Google Chrome.BMIN4BP3UXMWY3K5UM55SOK5Q4 - C:\Users\Leah\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2011-11-30] (Red Bend Ltd.) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 MlPatch; C:\Windows\system32\MlPatch.exe [2244912 2014-08-22] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2011-11-30] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [172752 2016-01-12] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 MctUsbAudio; C:\Windows\System32\DRIVERS\MctFlt.sys [22320 2015-03-10] (Windows ® Win 7 DDK provider)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [80592 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-02-16] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-02-16] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-02-16] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-02-16] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-02-23] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-02-16] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 t5usb64; C:\Windows\System32\drivers\t5usb64.sys [141064 2016-01-19] (Magic Control Technology Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 13:01 - 2016-05-21 13:02 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Desktop\kavremvr.exe
2016-05-21 11:50 - 2016-05-21 11:51 - 06042904 _____ (AVAST Software) C:\Users\Leah\Desktop\avastclear.exe
2016-05-21 11:40 - 2016-05-21 11:50 - 00000000 ____D C:\AVG_Remover
2016-05-21 11:40 - 2016-05-21 11:40 - 08065568 _____ ( ) C:\Users\Leah\Desktop\AVG_Remover (1).exe
2016-05-21 11:39 - 2016-05-21 11:39 - 08065568 _____ ( ) C:\Users\Leah\Desktop\AVG_Remover.exe
2016-05-21 08:42 - 2016-05-21 08:42 - 00034767 _____ C:\Users\Leah\Desktop\Addition.txt
2016-05-21 08:41 - 2016-05-21 15:25 - 00020680 _____ C:\Users\Leah\Desktop\FRST.txt
2016-05-21 08:40 - 2016-05-21 08:40 - 02382336 _____ (Farbar) C:\Users\Leah\Desktop\FRST64.exe
2016-05-21 08:37 - 2016-05-21 15:25 - 00000000 ____D C:\FRST
2016-05-21 08:37 - 2016-05-21 08:37 - 02382336 _____ (Farbar) C:\Users\Leah\Downloads\FRST64.exe
2016-05-20 08:51 - 2016-05-20 08:51 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-19 21:45 - 2016-05-19 21:45 - 00000000 ____D C:\Users\Leah\AppData\Roaming\Panda Security
2016-05-19 21:45 - 2015-05-22 04:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-05-19 21:44 - 2016-05-19 21:45 - 00002199 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-05-19 21:44 - 2016-05-19 21:45 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-05-19 21:44 - 2016-05-19 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-05-19 21:42 - 2016-05-19 21:45 - 00000000 ____D C:\ProgramData\Panda Security
2016-05-19 21:42 - 2016-05-19 21:42 - 02252720 _____ (Panda Security, S.L.) C:\Users\Leah\Downloads\PANDAFREEAV.exe
2016-04-26 23:36 - 2016-04-26 23:36 - 00003444 _____ C:\Users\Leah\Desktop\JRT.txt
2016-04-26 23:34 - 2016-04-26 23:34 - 01610008 _____ (Malwarebytes) C:\Users\Leah\Downloads\JRT.exe
2016-04-26 23:25 - 2016-04-26 23:25 - 00000000 ____D C:\Users\Leah\AppData\Local\CEF
2016-04-26 23:14 - 2016-05-21 13:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-26 23:13 - 2016-04-26 23:13 - 02622792 _____ (Kaspersky Lab) C:\Users\Leah\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-26 22:48 - 2016-04-26 22:48 - 00000000 ____D C:\KVRT_Data
2016-04-26 22:47 - 2016-04-26 22:48 - 94827432 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Downloads\KVRT.exe
2016-04-23 09:58 - 2016-04-23 09:58 - 00023957 _____ C:\ComboFix.txt
2016-04-23 09:46 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-23 09:46 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-23 09:46 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-23 09:46 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-23 09:44 - 2016-04-23 09:58 - 00000000 ____D C:\Qoobox
2016-04-23 09:43 - 2016-04-23 09:56 - 00000000 ____D C:\Windows\erdnt
2016-04-23 09:43 - 2016-04-23 09:43 - 05660058 ____R (Swearware) C:\Users\Leah\Downloads\ComboFix.exe
2016-04-23 09:42 - 2016-04-23 09:42 - 37409400 _____ (Malwarebytes ) C:\Users\Leah\Downloads\MBARW_Setup.exe
2016-04-23 09:05 - 2016-04-23 09:08 - 00000000 ____D C:\AdwCleaner
2016-04-23 09:05 - 2016-04-23 09:05 - 03683904 _____ C:\Users\Leah\Downloads\AdwCleaner.exe
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\Users\Leah\AppData\Local\MFAData
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\ProgramData\MFAData
2016-04-23 08:23 - 2016-05-21 11:41 - 00000000 ____D C:\ProgramData\Avg
2016-04-23 08:22 - 2016-04-23 08:22 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Leah\Downloads\AVG_Protection_1472.exe
2016-04-23 08:22 - 2016-04-23 08:22 - 00000000 ____D C:\Users\Leah\AppData\Local\Avg
2016-04-23 07:08 - 2016-04-26 22:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 07:08 - 2016-04-23 07:08 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-23 07:08 - 2016-04-23 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-23 07:08 - 2016-04-23 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-23 07:08 - 2016-04-23 07:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-23 07:08 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-23 07:08 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-23 07:08 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-23 07:07 - 2016-04-23 07:07 - 22851472 _____ (Malwarebytes ) C:\Users\Leah\Downloads\mbam-setup-2.2.1.1043.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 15:13 - 2012-08-21 18:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 15:11 - 2015-10-26 18:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 15:11 - 2012-08-21 19:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA.job
2016-05-21 13:56 - 2009-07-14 00:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 13:56 - 2009-07-14 00:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 13:31 - 2015-12-09 22:27 - 00002812 _____ C:\Windows\system32\GManager.ini
2016-05-21 13:30 - 2015-10-26 18:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 13:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 13:10 - 2015-10-27 07:22 - 03218516 _____ C:\Windows\ntbtlog.txt
2016-05-21 11:51 - 2015-10-26 18:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-20 17:37 - 2015-11-06 20:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-20 17:23 - 2012-08-21 19:32 - 00002370 _____ C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-20 08:54 - 2012-08-21 18:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-20 08:53 - 2012-08-21 18:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-20 08:53 - 2012-08-21 18:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-20 07:41 - 2009-07-14 00:45 - 00531656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-19 21:45 - 2012-08-20 20:57 - 00133664 _____ C:\Users\Leah\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-19 21:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-19 21:21 - 2012-08-21 19:31 - 00000000 ____D C:\Users\Leah\AppData\Local\Google
2016-05-19 21:06 - 2015-10-26 18:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-19 21:06 - 2015-10-26 18:53 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-19 21:06 - 2012-08-21 19:31 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA
2016-05-19 21:06 - 2012-08-21 19:31 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core
2016-05-19 21:06 - 2012-08-21 19:31 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core.job
2016-04-23 09:54 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-04-23 09:08 - 2014-07-10 08:34 - 00000000 ____D C:\Users\Leah\AppData\Roaming\Yahoo!
2016-04-23 09:08 - 2014-07-10 08:34 - 00000000 ____D C:\Users\Leah\AppData\LocalLow\Yahoo!
2016-04-23 09:08 - 2014-07-10 08:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-04-23 07:27 - 2010-11-21 03:17 - 00000000 ____D C:\Windows\CSC
2016-04-21 22:03 - 2012-08-21 21:35 - 00000000 ____D C:\Users\Leah\AppData\Roaming\vlc
2016-04-21 15:05 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\Leah\KENPAVE.exe
 
 
Some files in TEMP:
====================
C:\Users\Leah\AppData\Local\Temp\avguirn_08248499285.exe
C:\Users\Leah\AppData\Local\Temp\{13066A6E-1E0A-4A84-8329-F6F80CED133A}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-29 00:29
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Leah (2016-05-21 15:25:21)
Running from C:\Users\Leah\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-08-21 00:46:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-176779348-953494555-136863877-500 - Administrator - Disabled)
Guest (S-1-5-21-176779348-953494555-136863877-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176779348-953494555-136863877-1002 - Limited - Enabled)
Leah (S-1-5-21-176779348-953494555-136863877-1000 - Administrator - Enabled) => C:\Users\Leah
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.00.0000 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.8.33771 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Juniper_Setup_Client) (Version: 8.0.8.52215 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Juniper_Term_Services) (Version: 8.0.8.33771 - Juniper Networks)
KENPAVE (HKLM-x32\...\ST6UNST #1) (Version:  - )
K-Lite Codec Pack 9.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Logos 5 Prerequisites (HKLM-x32\...\{6DA1E579-2E4D-4AF4-85F5-FB73C6531610}) (Version: 5.16.0880 - Logos Bible Software)
Logos Bible Software 5 (HKLM-x32\...\{BC8CB361-6566-4EDB-87BE-4B470AE664A0}) (Version: 5.16.950 - Logos Bible Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mathcad 15 M010 (HKLM-x32\...\{8FD0167F-A752-467A-86BE-3728D71F68B8}) (Version: 15.0.1.0 - PTC)
Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems)
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
Mathcad Prime 2.0 (HKLM\...\{1D9A78F1-FDC7-45D8-8145-B6462CA82240}) (Version: 2.0 - PTC)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
On-Screen Takeoff (HKLM-x32\...\{8BF3AF44-C518-4236-BD62-E637D86C6C16}) (Version: 3.8.3.203 - On Center Software, Inc.)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security)
Panda Free Antivirus (Version: 8.21.00 - Panda Security) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-176779348-953494555-136863877-1000\...\Spotify) (Version: 0.8.4.124.ga3559d86 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trigger External Graphics Family 16.01.0113.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.01.0113.0179 - MCT Corp)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14EDAF2D-AA23-4475-9725-0B97892641AB} - \Yahoo! Search -> No File <==== ATTENTION
Task: {177BDA36-E75B-47AE-BD4D-709D4E38E157} - System32\Tasks\{60293089-BBCD-460D-8DDA-A5538FF0A636} => pcalua.exe -a "C:\Users\Leah\Downloads\setup (1).exe" -d C:\Users\Leah\Downloads
Task: {1B71C1F6-8417-421E-BC2A-0CFC742746B5} - \DriverRestore_ScheduledScan -> No File <==== ATTENTION
Task: {1D7A18BF-579C-4D1D-9CF6-DA836609EF9D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {31E411E0-6C80-4324-B275-0F40508A1228} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {48D9219E-76DC-46E3-99AC-9336C34EBF4A} - System32\Tasks\{D9D83C7C-76F5-429E-96A4-84EE10389AC9} => pcalua.exe -a D:\setup.exe -d D:\
Task: {52643C01-CAB1-42AB-83D4-F0141D9F7804} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {57B1480F-8F58-480C-BAB5-7A7F19426118} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {8EE5B3E3-0475-4492-A002-A2AE70AF1295} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {C535B57A-2A7B-4EE1-9DF3-4708229A70FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-20] (Adobe Systems Incorporated)
Task: {E71962A2-68A3-4459-A5CD-7139BA2ECCF9} - \DriverRestore_DailyScan -> No File <==== ATTENTION
Task: {F12D05DF-3C66-4C13-B960-DD87D5212C1F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F3B136BD-42F1-40EB-9B6B-CB1CD98A03A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
Task: {FF18F2E3-DF33-4342-8F76-303709083632} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000Core.job => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-176779348-953494555-136863877-1000UA.job => C:\Users\Leah\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-20 19:19 - 2012-03-19 15:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-09 22:27 - 2012-08-28 15:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2015-12-09 22:27 - 2014-08-22 18:10 - 02244912 _____ () C:\Windows\system32\MlPatch.exe
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-12-15 13:17 - 2015-12-15 13:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-05-20 17:22 - 2016-05-11 07:48 - 01738904 _____ () C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-20 17:22 - 2016-05-11 07:48 - 00086168 _____ () C:\Users\Leah\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-04-23 09:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-176779348-953494555-136863877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9B8C7432-D288-437F-BC22-D7A87AD1685D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{5D5C6FB7-4839-4C8D-8732-BB95C7CA80F3}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{CC3EC1F1-F333-41E7-8F3F-4979EAAED081}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{1EE7F594-8D3E-4CF2-BDBF-927623A5DDA9}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{08DA7E6B-FB84-4E53-B500-390B3050532E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5F9B15BF-1CA0-43AB-925A-DC2F649AF886}C:\users\leah\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\leah\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{154A8445-0054-4831-BAD7-D4F01F21C7C6}C:\users\leah\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\leah\appdata\roaming\spotify\spotify.exe
FirewallRules: [{00ADA3E7-6A78-4D17-AC6E-0A5BCEA0068A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3CA5CD24-C610-48D2-B0EE-70B72A8AF767}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C94DDD0E-2B68-4D85-BB9C-4A6052B0E289}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{761CE9E2-81EF-4941-A936-E36EEB743F4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7687810-CF0C-493F-B0BC-66BE2A892013}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B39A3BD2-DACB-49B7-9208-72867C07ED20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EE82305-AF78-4833-BF7A-8F8F8C888D1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{7C5C4C04-C1F8-4097-AF47-C7A475590D86}C:\users\leah\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\leah\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{653A7600-49C7-400A-93B6-5BD3F8EFD4F7}C:\users\leah\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\leah\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{D84B72AF-6E17-4740-94F6-56E2D3CD8B1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35C3585F-C707-43FC-9883-C77F4FDC140C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{818A7530-C9C2-48E6-AA2D-1A6D12688D17}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
21-05-2016 00:00:08 Scheduled Checkpoint
21-05-2016 02:37:55 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PLDS DVD+-RW DS-8A8SH ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2016 01:31:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 01:11:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 12:06:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 11:54:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 11:44:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 08:32:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2016 08:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 05:32:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.1.1.2, time stamp: 0x4f746f5a
Faulting module name: MurocApi.dll, version: 15.1.1.1, time stamp: 0x4f746e76
Exception code: 0xc0000005
Fault offset: 0x000000000002be1b
Faulting process id: 0x1274
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (05/20/2016 05:32:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 10:53:31 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Kaspersky Security Scan because of this error.
 
Program: Kaspersky Security Scan
File: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
 
System errors:
=============
Error: (05/21/2016 01:32:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/21/2016 01:31:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/21/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (05/21/2016 01:29:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-04-23 09:54:04.378
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-04-23 09:54:04.316
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3612QM CPU @ 2.10GHz
Percentage of memory in use: 26%
Total physical RAM: 8094.36 MB
Available physical RAM: 5932 MB
Total Virtual: 16186.9 MB
Available Virtual: 13932.97 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:637.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E75DA0BD)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once the fix has run could you tell me what problems you are experiencing

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-05-21 13:01 - 2016-05-21 13:02 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Desktop\kavremvr.exe
2016-05-21 11:50 - 2016-05-21 11:51 - 06042904 _____ (AVAST Software) C:\Users\Leah\Desktop\avastclear.exe
2016-05-21 11:40 - 2016-05-21 11:50 - 00000000 ____D C:\AVG_Remover
2016-05-21 11:40 - 2016-05-21 11:40 - 08065568 _____ ( ) C:\Users\Leah\Desktop\AVG_Remover (1).exe
2016-05-21 11:39 - 2016-05-21 11:39 - 08065568 _____ ( ) C:\Users\Leah\Desktop\AVG_Remover.exe
2016-04-26 23:14 - 2016-05-21 13:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-26 23:13 - 2016-04-26 23:13 - 02622792 _____ (Kaspersky Lab) C:\Users\Leah\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-26 22:48 - 2016-04-26 22:48 - 00000000 ____D C:\KVRT_Data
2016-04-26 22:47 - 2016-04-26 22:48 - 94827432 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Downloads\KVRT.exe
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\Users\Leah\AppData\Local\MFAData
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\ProgramData\MFAData
2016-04-23 08:23 - 2016-05-21 11:41 - 00000000 ____D C:\ProgramData\Avg
2016-04-23 08:22 - 2016-04-23 08:22 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Leah\Downloads\AVG_Protection_1472.exe
2016-04-23 08:22 - 2016-04-23 08:22 - 00000000 ____D C:\Users\Leah\AppData\Local\Avg
2016-05-20 17:37 - 2015-11-06 20:04 - 00000000 ____D C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {14EDAF2D-AA23-4475-9725-0B97892641AB} - \Yahoo! Search -> No File <==== ATTENTION
Task: {177BDA36-E75B-47AE-BD4D-709D4E38E157} - System32\Tasks\{60293089-BBCD-460D-8DDA-A5538FF0A636} => pcalua.exe -a "C:\Users\Leah\Downloads\setup (1).exe" -d C:\Users\Leah\Downloads
Task: {1B71C1F6-8417-421E-BC2A-0CFC742746B5} - \DriverRestore_ScheduledScan -> No File <==== ATTENTION
Task: {31E411E0-6C80-4324-B275-0F40508A1228} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {48D9219E-76DC-46E3-99AC-9336C34EBF4A} - System32\Tasks\{D9D83C7C-76F5-429E-96A4-84EE10389AC9} => pcalua.exe -a D:\setup.exe -d D:\
Task: {57B1480F-8F58-480C-BAB5-7A7F19426118} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {8EE5B3E3-0475-4492-A002-A2AE70AF1295} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {E71962A2-68A3-4459-A5CD-7139BA2ECCF9} - \DriverRestore_DailyScan -> No File <==== ATTENTION
C:\Users\Leah\KENPAVE.exe
C:\Program Files\Common Files\AV\avast! Antivirus
C:\Program Files\AVAST Software
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files (x86)\AVG
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#8
Beegjeem

Beegjeem

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Unfortunately the same issue is persisting - when i open mozilla it lets me got to maybe one website before my mouse icon goes into thinking mode and i cant do anything. The only way to get out is to shut off the computer.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-05-2016
Ran by Leah (2016-05-21 16:22:28) Run:1
Running from C:\Users\Leah\Desktop
Loaded Profiles: Leah (Available Profiles: Leah)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2016-05-21 13:01 - 2016-05-21 13:02 - 12819016 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Desktop\kavremvr.exe
2016-05-21 11:50 - 2016-05-21 11:51 - 06042904 _____ (AVAST Software) C:\Users\Leah\Desktop\avastclear.exe
2016-05-21 11:40 - 2016-05-21 11:50 - 00000000 ____D C:\AVG_Remover
2016-05-21 11:40 - 2016-05-21 11:40 - 08065568 _____ ( ) C:\Users\Leah\Desktop\AVG_Remover (1).exe
2016-05-21 11:39 - 2016-05-21 11:39 - 08065568 _____ ( ) C:\Users\Leah\Desktop\AVG_Remover.exe
2016-04-26 23:14 - 2016-05-21 13:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-04-26 23:13 - 2016-04-26 23:13 - 02622792 _____ (Kaspersky Lab) C:\Users\Leah\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-04-26 22:48 - 2016-04-26 22:48 - 00000000 ____D C:\KVRT_Data
2016-04-26 22:47 - 2016-04-26 22:48 - 94827432 _____ (Kaspersky Lab ZAO) C:\Users\Leah\Downloads\KVRT.exe
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\Users\Leah\AppData\Local\MFAData
2016-04-23 08:25 - 2016-04-23 08:25 - 00000000 ____D C:\ProgramData\MFAData
2016-04-23 08:23 - 2016-05-21 11:41 - 00000000 ____D C:\ProgramData\Avg
2016-04-23 08:22 - 2016-04-23 08:22 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Leah\Downloads\AVG_Protection_1472.exe
2016-04-23 08:22 - 2016-04-23 08:22 - 00000000 ____D C:\Users\Leah\AppData\Local\Avg
2016-05-20 17:37 - 2015-11-06 20:04 - 00000000 ____D C:\ProgramData\boost_interprocess
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {14EDAF2D-AA23-4475-9725-0B97892641AB} - \Yahoo! Search -> No File <==== ATTENTION
Task: {177BDA36-E75B-47AE-BD4D-709D4E38E157} - System32\Tasks\{60293089-BBCD-460D-8DDA-A5538FF0A636} => pcalua.exe -a "C:\Users\Leah\Downloads\setup (1).exe" -d C:\Users\Leah\Downloads
Task: {1B71C1F6-8417-421E-BC2A-0CFC742746B5} - \DriverRestore_ScheduledScan -> No File <==== ATTENTION
Task: {31E411E0-6C80-4324-B275-0F40508A1228} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {48D9219E-76DC-46E3-99AC-9336C34EBF4A} - System32\Tasks\{D9D83C7C-76F5-429E-96A4-84EE10389AC9} => pcalua.exe -a D:\setup.exe -d D:\
Task: {57B1480F-8F58-480C-BAB5-7A7F19426118} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {8EE5B3E3-0475-4492-A002-A2AE70AF1295} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {E71962A2-68A3-4459-A5CD-7139BA2ECCF9} - \DriverRestore_DailyScan -> No File <==== ATTENTION
C:\Users\Leah\KENPAVE.exe
C:\Program Files\Common Files\AV\avast! Antivirus
C:\Program Files\AVAST Software
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files (x86)\AVG
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvgUi => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\KSS => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
catchme => service removed successfully
C:\Users\Leah\Desktop\kavremvr.exe => moved successfully
C:\Users\Leah\Desktop\avastclear.exe => moved successfully
C:\AVG_Remover => moved successfully
C:\Users\Leah\Desktop\AVG_Remover (1).exe => moved successfully
C:\Users\Leah\Desktop\AVG_Remover.exe => moved successfully
C:\ProgramData\Kaspersky Lab Setup Files => moved successfully
C:\Users\Leah\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe => moved successfully
C:\KVRT_Data => moved successfully
C:\Users\Leah\Downloads\KVRT.exe => moved successfully
C:\Users\Leah\AppData\Local\MFAData => moved successfully
C:\ProgramData\MFAData => moved successfully
C:\ProgramData\Avg => moved successfully
C:\Users\Leah\Downloads\AVG_Protection_1472.exe => moved successfully
C:\Users\Leah\AppData\Local\Avg => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14EDAF2D-AA23-4475-9725-0B97892641AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14EDAF2D-AA23-4475-9725-0B97892641AB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{177BDA36-E75B-47AE-BD4D-709D4E38E157}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{177BDA36-E75B-47AE-BD4D-709D4E38E157}" => key removed successfully
C:\Windows\System32\Tasks\{60293089-BBCD-460D-8DDA-A5538FF0A636} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{60293089-BBCD-460D-8DDA-A5538FF0A636}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B71C1F6-8417-421E-BC2A-0CFC742746B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B71C1F6-8417-421E-BC2A-0CFC742746B5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_ScheduledScan => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{31E411E0-6C80-4324-B275-0F40508A1228}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E411E0-6C80-4324-B275-0F40508A1228}" => key removed successfully
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48D9219E-76DC-46E3-99AC-9336C34EBF4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48D9219E-76DC-46E3-99AC-9336C34EBF4A}" => key removed successfully
C:\Windows\System32\Tasks\{D9D83C7C-76F5-429E-96A4-84EE10389AC9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9D83C7C-76F5-429E-96A4-84EE10389AC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57B1480F-8F58-480C-BAB5-7A7F19426118}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57B1480F-8F58-480C-BAB5-7A7F19426118}" => key removed successfully
C:\Windows\System32\Tasks\avast! Emergency Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EE5B3E3-0475-4492-A002-A2AE70AF1295}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE5B3E3-0475-4492-A002-A2AE70AF1295}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E71962A2-68A3-4459-A5CD-7139BA2ECCF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E71962A2-68A3-4459-A5CD-7139BA2ECCF9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverRestore_DailyScan => key not found. 
C:\Users\Leah\KENPAVE.exe => moved successfully
C:\Program Files\Common Files\AV\avast! Antivirus => moved successfully
"C:\Program Files\AVAST Software" => not found.
"C:\Program Files (x86)\Kaspersky Lab" => not found.
"C:\Program Files (x86)\AVG" => not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-176779348-953494555-136863877-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-176779348-953494555-136863877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-176779348-953494555-136863877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {4F0C718C-0CA5-4F4F-BEC3-DEAD14AE459E}.
Unable to cancel {7564050B-8825-4061-9204-22A22FBF8A53}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 608.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:23:45 ====

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Does this occur in all browsers or just Firefox ?


  • 0

#10
Beegjeem

Beegjeem

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Yeah it seems to just happen when im dealing with Firefox not google chrome or Internet explorer (when i ran it for 5 minutes). I could stop using firefox but maybe you know a trick or two.


  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you refresh Firefox, details here https://support.mozi...ns-and-settings

Then let me know if that makes a difference
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: mozilla, busy, ctrl alt delete

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP