Google Chrome just shut down by itself?

virus google tabs


#1
animalloverabh


All of the tabs just suddenly closed without me doing anything.

The computer was very slow for around 30 seconds after this when I tried to start google up again.

 

I also have AVG constantly telling me my free trial is over????

 

Thanks in advance.


#2
RKinner

Malware Expert

Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #3
    animalloverabh

    # AdwCleaner v5.118 - Logfile created 29/05/2016 at 21:50:36
    # Updated 23/05/2016 by Xplode
    # Database : 2016-05-29.1 [Server]
    # Operating system : Windows 8.1  (X64)
    # Username : Alanna - HEMPANATOR
    # Running from : C:\Users\Alanna\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    [-] Service Deleted : APNMCP
    [-] Service Deleted : WtuSystemSupport
    [-] Service Deleted : vToolbarUpdater40.3.1
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\ProgramData\apn
    [-] Folder Deleted : C:\ProgramData\AskPartnerNetwork
    [-] Folder Deleted : C:\ProgramData\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
    [-] Folder Deleted : C:\ProgramData\avg web tuneup
    [-] Folder Deleted : C:\ProgramData\Avg_Update_0415av
    [#] Folder Deleted : C:\ProgramData\Application Data\apn
    [#] Folder Deleted : C:\ProgramData\Application Data\AskPartnerNetwork
    [#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
    [#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar
    [#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
    [#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0415av
    [-] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    [-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\Temp\apn
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\AskPartnerNetwork
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\VNT
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\avg web tuneup
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjebaomffhbebmkanbennmagkdjkclo
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
    [-] Folder Deleted : C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
    [-] Folder Deleted : C:\Program Files\avg web tuneup
    [-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\Users\Alanna\Favorites\eBay.lnk
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
    [-] File Deleted : C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
     
    ***** [ DLLs ] *****
     
     
    ***** [ WMI ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.apn.native_messaging_host_aaaaahaeginbdcckocjkhbciadcafnep
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\s
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaahaeginbdcckocjkhbciadcafnep
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\opjebaomffhbebmkanbennmagkdjkclo
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\opjebaomffhbebmkanbennmagkdjkclo
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaejaghnbcjilindpkgmcmdflpgjf
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKCU\Software\AskPartnerNetwork
    [-] Key Deleted : HKCU\Software\VNT
    [-] Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    [-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
    [-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
    [-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Data Restored : HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTBMon]
    [-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
    [-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [VNT]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    [-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaejaghnbcjilindpkgmcmdflpgjf
    [-] [C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaahaeginbdcckocjkhbciadcafnep
    [-] [C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
    [-] [C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
    [-] [C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : opjebaomffhbebmkanbennmagkdjkclo
    [-] [C:\Users\Alanna\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C1].txt - [12150 bytes] - [29/05/2016 21:50:36]
    C:\AdwCleaner\AdwCleaner[S1].txt - [12097 bytes] - [29/05/2016 21:45:56]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12298 bytes] ##########


    #4
    animalloverabh

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 8.1 x64 
    Ran by Alanna (Administrator) on 29/05/2016 at 22:05:20.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 16 
     
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adultcatfinder.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_adultcatfinder.com_0.localstorage (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.oldielyrics.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.oldielyrics.com_0.localstorage (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal (File) 
    Successfully deleted: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage (File) 
    Successfully deleted: C:\windows\system32\Tasks\0415avUpdateInfo (Task)
    Successfully deleted: C:\windows\Tasks\0415avUpdateInfo.job (Task) 
     
     
     
    Registry: 2 
     
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 29/05/2016 at 22:10:57.72
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #5
    animalloverabh

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
    Ran by Alanna (administrator) on HEMPANATOR (29-05-2016 22:14:50)
    Running from C:\Users\Alanna\Downloads
    Loaded Profiles: Alanna (Available Profiles: Alanna)
    Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    () C:\Program Files\Apoint2K\HidMonitorSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    (FUJITSU LIMITED) C:\Program Files\FUJITSU\FUJ02E3\FUJ02E3.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
    (FUJITSU LIMITED) C:\Program Files\FUJITSU\Plugfree NETWORK\PFNService.exe
    (FUJITSU LIMITED) C:\Program Files\FUJITSU\PSUtility\PSUService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13642968 2013-08-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-23] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-05-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [FUJ02B1_Apps] => C:\Program Files (x86)\Fujitsu\FUJ02B1\CheckBatteryPack.exe [349000 2016-02-02] (FUJITSU LIMITED)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Run: [Facebook Update] => C:\Users\Alanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-03] (Facebook Inc.)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Run: [f.lux] => C:\Users\Alanna\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Run: [BingSvc] => C:\Users\Alanna\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\MountPoints2: {59557de8-0498-11e5-829c-681729d24acd} - "F:\Startme.exe" 
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\MountPoints2: {5bcd9483-d6fc-11e5-82b2-681729d24acd} - "D:\Startme.exe" 
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\MountPoints2: {989ccea9-b855-11e3-826f-681729d24acd} - "D:\Startme.exe" 
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
    Startup: C:\Users\Alanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-09-29]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{7BA37EAC-A21F-42CA-9DDA-F3532474E1F2}: [DhcpNameServer] 192.168.1.254
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-gb
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://fujitsu13.msn.com/?pc=FSJB
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2581172181-3245553297-1029845820-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2581172181-3245553297-1029845820-1001 -> {95DB76ED-8DBB-4160-8973-D1EB4497AC13} URL = hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q={searchTerms}&src=IE-SearchBox
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll => No File
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2581172181-3245553297-1029845820-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Alanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-2581172181-3245553297-1029845820-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2016-05-29]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Duolingo on the Web) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-08-31]
    CHR Extension: (Google Docs) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
    CHR Extension: (YouTube) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
    CHR Extension: (Google Search) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Docs Offline) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (AdBlock) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-29]
    CHR Extension: (Skype) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-07]
    CHR Extension: (Gmail) - C:\Users\Alanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [86872 2013-08-02] ()
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-05-19] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-05-19] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-05-19] (AVG Technologies CZ, s.r.o.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
    R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [74448 2013-07-18] (FUJITSU LIMITED)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-07] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
    R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2219520 2013-07-12] (FUJITSU LIMITED) [File not signed]
    R2 PowerSavingUtilityService; C:\Program Files\FUJITSU\PSUtility\PSUService.exe [51608 2013-08-19] (FUJITSU LIMITED)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4584208 2016-03-29] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-03-29] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\windows\SysWOW64\uxtuneup.dll [49424 2016-03-29] (AVG Technologies CZ, s.r.o.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-05] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
    R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [20176 2013-08-09] (FUJITSU LIMITED)
    R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [33096 2016-02-02] (FUJITSU LIMITED)
    R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [21200 2013-08-12] (FUJITSU LIMITED)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140912.001\IDSvia64.sys [633560 2014-09-03] (Symantec Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140913.021\ENG64.SYS [129752 2014-09-05] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140913.021\EX64.SYS [2137304 2014-09-05] (Symantec Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
    S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
    R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1812760 2013-08-12] (Sonix Co. Ltd.)
    S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
    S4 SymELAM; C:\Windows\system32\drivers\NAVx64\1507000.00B\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-16] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-05-29 22:14 - 2016-05-29 22:15 - 00029195 _____ C:\Users\Alanna\Downloads\FRST.txt
    2016-05-29 22:14 - 2016-05-29 22:14 - 02383872 _____ (Farbar) C:\Users\Alanna\Downloads\FRST64.exe
    2016-05-29 22:14 - 2016-05-29 22:14 - 00000000 ____D C:\FRST
    2016-05-29 22:12 - 2016-05-29 22:12 - 03678272 _____ C:\Users\Alanna\Downloads\AdwCleaner (2).exe
    2016-05-29 22:10 - 2016-05-29 22:10 - 00003071 _____ C:\Users\Alanna\Desktop\JRT.txt
    2016-05-29 22:04 - 2016-05-29 22:04 - 01610816 _____ (Malwarebytes) C:\Users\Alanna\Downloads\JRT.exe
    2016-05-29 22:04 - 2016-05-29 22:04 - 01610816 _____ (Malwarebytes) C:\Users\Alanna\Desktop\JRT.exe
    2016-05-29 22:02 - 2016-05-29 22:03 - 03678272 _____ C:\Users\Alanna\Downloads\AdwCleaner (1).exe
    2016-05-29 21:45 - 2016-05-29 21:50 - 00000000 ____D C:\AdwCleaner
    2016-05-29 19:41 - 2016-05-29 19:42 - 03678272 _____ C:\Users\Alanna\Downloads\AdwCleaner.exe
    2016-05-29 10:27 - 2016-05-29 10:27 - 00602112 _____ (OldTimer Tools) C:\Users\Alanna\Downloads\OTL.scr
    2016-05-28 09:00 - 2016-05-28 09:02 - 115953736 _____ C:\Users\Alanna\Downloads\AlejandroAravena_2014G-480p.mp4
    2016-05-26 20:07 - 2016-05-26 20:07 - 00688913 _____ C:\Users\Alanna\Downloads\james (@niandraIades) _ Twitter.html
    2016-05-23 08:04 - 2016-05-23 08:04 - 01311642 _____ C:\Users\Alanna\Downloads\ebook_the_monk_who_sold_his_ferrari_robin_s_sharma.pdf
    2016-05-23 07:51 - 2016-05-29 21:47 - 00004970 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEMPANATOR-Alanna hempanator
    2016-05-15 15:36 - 2016-05-15 15:36 - 20603894 _____ C:\Users\Alanna\Downloads\Results Day..mp4
    2016-05-15 12:00 - 2016-05-15 12:00 - 00551424 _____ C:\Users\Alanna\Downloads\8. Formation of a depression.ppt
    2016-05-15 01:00 - 2016-05-15 01:00 - 00157989 _____ C:\Users\Alanna\Downloads\property-33952917.html
    2016-05-10 22:37 - 2016-04-22 21:54 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2016-05-10 22:37 - 2016-04-22 21:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2016-05-10 22:37 - 2016-04-22 21:14 - 02893312 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2016-05-10 22:37 - 2016-04-22 21:08 - 06052864 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2016-05-10 22:37 - 2016-04-22 21:06 - 20349952 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2016-05-10 22:37 - 2016-04-22 21:00 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2016-05-10 22:37 - 2016-04-22 20:35 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2016-05-10 22:37 - 2016-04-22 20:29 - 02285568 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2016-05-10 22:37 - 2016-04-22 20:24 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2016-05-10 22:37 - 2016-04-22 20:23 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2016-05-10 22:37 - 2016-04-22 20:19 - 15414784 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2016-05-10 22:37 - 2016-04-22 20:17 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2016-05-10 22:37 - 2016-04-22 20:14 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2016-05-10 22:37 - 2016-04-22 20:14 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2016-05-10 22:37 - 2016-04-22 20:14 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2016-05-10 22:37 - 2016-04-22 20:12 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2016-05-10 22:37 - 2016-04-22 19:58 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2016-05-10 22:37 - 2016-04-22 19:58 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2016-05-10 22:37 - 2016-04-22 19:54 - 13811200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2016-05-10 22:37 - 2016-04-22 19:53 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2016-05-10 22:37 - 2016-04-22 19:52 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2016-05-10 22:37 - 2016-04-22 19:52 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2016-05-10 22:37 - 2016-04-22 19:52 - 00330752 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2016-05-10 22:37 - 2016-04-22 19:51 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2016-05-10 22:37 - 2016-04-22 19:40 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2016-05-10 22:37 - 2016-04-22 19:29 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2016-05-10 22:37 - 2016-04-22 19:27 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2016-05-10 22:37 - 2016-04-22 19:24 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2016-05-10 22:37 - 2016-04-22 19:23 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2016-05-10 22:35 - 2016-04-06 22:13 - 00561960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
    2016-05-10 22:35 - 2016-04-06 22:13 - 00137976 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2016-05-10 22:35 - 2016-04-06 19:20 - 00201728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2016-05-10 22:35 - 2016-04-06 19:19 - 00401920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2016-05-10 22:35 - 2016-04-06 19:19 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2016-05-10 22:35 - 2016-04-06 18:49 - 00120384 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2016-05-10 22:35 - 2016-04-06 18:40 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2016-05-10 22:35 - 2016-04-06 17:57 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2016-05-10 22:35 - 2016-04-06 17:52 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2016-05-10 22:35 - 2016-04-06 17:20 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2016-05-10 22:35 - 2016-04-06 16:48 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2016-05-10 22:35 - 2016-03-31 07:50 - 01307328 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2016-05-10 22:35 - 2016-03-31 04:40 - 00747520 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2016-05-10 22:34 - 2016-04-10 08:48 - 00738096 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
    2016-05-10 22:34 - 2016-04-10 08:48 - 00613624 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
    2016-05-10 22:34 - 2016-04-10 05:21 - 01763376 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2016-05-10 22:34 - 2016-04-10 05:21 - 01489088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2016-05-10 22:34 - 2016-04-10 05:14 - 01380600 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2016-05-10 22:34 - 2016-04-09 23:07 - 01097728 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2016-05-10 22:34 - 2016-04-09 22:58 - 00534016 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.dll
    2016-05-10 22:34 - 2016-04-09 22:50 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.dll
    2016-05-10 22:34 - 2016-03-29 02:42 - 07446368 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2016-05-10 22:34 - 2016-02-11 21:17 - 01737088 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2016-05-10 22:34 - 2016-02-11 21:17 - 01663184 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
    2016-05-10 22:34 - 2016-02-11 21:17 - 01523208 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
    2016-05-10 22:34 - 2016-02-11 21:17 - 01490120 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
    2016-05-10 22:34 - 2016-02-11 21:17 - 01358952 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
    2016-05-10 22:34 - 2016-02-11 21:16 - 01501488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2016-05-10 22:34 - 2016-02-09 19:07 - 00246784 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-system-events.dll
    2016-05-10 22:33 - 2016-04-11 07:21 - 00074584 ____C (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys
    2016-05-10 22:33 - 2016-04-10 06:37 - 01549144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2016-05-10 22:33 - 2016-04-10 00:29 - 04169216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2016-05-08 10:51 - 2016-05-08 10:51 - 00025768 _____ C:\Users\Alanna\Downloads\Ch62nUBWwAsSCBE.jpg-large
    2016-05-04 16:58 - 2016-05-04 16:58 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avguniva.sys
    2016-05-02 01:25 - 2016-05-02 01:25 - 01505408 _____ (Skype Technologies S.A.) C:\Users\Alanna\Downloads\SkypeSetup (1).exe
    2016-05-01 09:51 - 2016-05-01 09:51 - 00048521 _____ C:\Users\Alanna\Downloads\ChWbarjW0AExh4y.jpg-large
    2016-05-01 09:43 - 2016-05-01 09:43 - 00159986 _____ C:\Users\Alanna\Downloads\ChWb9F_WgAAGq_w.jpg-large
    2016-05-01 09:36 - 2016-05-01 09:36 - 00231793 _____ C:\Users\Alanna\Downloads\ChWnpxAXEAAmHJ3.jpg-large
    2016-05-01 09:35 - 2016-05-01 09:35 - 00210309 _____ C:\Users\Alanna\Downloads\ChW1Sf3WgAAt_cI.jpg-large
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-05-29 22:07 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
    2016-05-29 22:06 - 2015-06-16 17:12 - 00000000 ____D C:\Users\Alanna\AppData\Roaming\Skype
    2016-05-29 22:04 - 2015-08-07 15:55 - 00000000 ____D C:\windows\System32\Tasks\Remediation
    2016-05-29 22:02 - 2013-12-22 22:33 - 00000000 ___DO C:\Users\Alanna\SkyDrive
    2016-05-29 22:00 - 2013-12-22 22:33 - 00000000 ____D C:\Users\Alanna\Documents\Youcam
    2016-05-29 21:59 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\ELAM
    2016-05-29 21:58 - 2013-12-23 01:05 - 00000924 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-29 21:55 - 2014-06-02 21:18 - 00000000 ____D C:\ProgramData\MFAData
    2016-05-29 21:55 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2016-05-29 21:54 - 2013-08-22 14:25 - 00524288 ___SH C:\windows\system32\config\BBI
    2016-05-29 21:50 - 2013-12-22 22:41 - 00003938 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D5FDDAAA-1C49-44B1-B641-7EF4732B44A2}
    2016-05-29 16:55 - 2013-12-23 01:05 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-29 16:18 - 2014-05-03 19:13 - 00000954 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2581172181-3245553297-1029845820-1001UA.job
    2016-05-28 19:18 - 2014-05-03 19:13 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2581172181-3245553297-1029845820-1001Core.job
    2016-05-28 02:53 - 2015-06-16 17:12 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-05-27 20:40 - 2013-12-22 22:30 - 00000000 ____D C:\Users\Alanna\AppData\Local\Packages
    2016-05-26 20:15 - 2014-03-21 18:16 - 00305767 _____ C:\Users\Alanna\Downloads\lol.jpeg
    2016-05-25 21:07 - 2014-09-02 09:25 - 00000000 ____D C:\Users\Alanna\AppData\Local\CrashDumps
    2016-05-25 20:40 - 2013-09-02 08:32 - 00338280 _____ C:\windows\system32\PerfStringBackup.INI
    2016-05-25 20:40 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
    2016-05-24 07:54 - 2013-12-22 22:36 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2581172181-3245553297-1029845820-1001
    2016-05-24 01:58 - 2016-02-18 15:27 - 00000959 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2016-05-24 01:58 - 2015-02-09 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-05-22 10:35 - 2014-08-16 17:17 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
    2016-05-22 01:30 - 2014-08-16 17:17 - 00000000 ____D C:\ProgramData\Norton
    2016-05-14 09:30 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
    2016-05-14 05:10 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
    2016-05-14 00:16 - 2013-08-22 15:44 - 05101432 _____ C:\windows\system32\FNTCACHE.DAT
    2016-05-12 23:57 - 2015-12-13 17:26 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-05-12 23:57 - 2013-12-23 01:07 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-11 21:08 - 2014-09-15 18:00 - 00829944 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2016-05-11 21:08 - 2014-09-15 18:00 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-11 01:50 - 2013-12-23 01:05 - 00003900 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-05-11 01:50 - 2013-12-23 01:05 - 00003664 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-05-10 23:35 - 2013-08-22 21:59 - 00000000 ____D C:\Program Files\Windows Journal
    2016-05-10 23:34 - 2013-12-27 17:50 - 00000000 ____D C:\windows\system32\MRT
    2016-05-10 23:04 - 2013-12-27 17:50 - 139319312 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2016-05-10 23:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\en-GB
    2016-05-10 23:04 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\en-GB
    2016-05-02 01:28 - 2015-06-16 17:12 - 00000000 ____D C:\ProgramData\Skype
    2016-04-29 19:26 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
     
    ==================== Files in the root of some directories =======
     
    2013-09-07 18:56 - 2013-09-07 18:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
     
    Some files in TEMP:
    ====================
    C:\Users\Alanna\AppData\Local\Temp\avguirn_081703364145.exe
    C:\Users\Alanna\AppData\Local\Temp\avguirn_0858788724.exe
    C:\Users\Alanna\AppData\Local\Temp\avguirn_08909684095.exe
    C:\Users\Alanna\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Alanna\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Alanna\AppData\Local\Temp\libeay32.dll
    C:\Users\Alanna\AppData\Local\Temp\msvcr120.dll
    C:\Users\Alanna\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Alanna\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-05-24 00:52
     
    ==================== End of FRST.txt ============================

    #6
    animalloverabh

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
    Ran by Alanna (2016-05-29 22:16:56)
    Running from C:\Users\Alanna\Downloads
    Windows 8.1 (Update) (X64) (2013-12-22 21:29:44)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-2581172181-3245553297-1029845820-500 - Administrator - Disabled)
    Alanna (S-1-5-21-2581172181-3245553297-1029845820-1001 - Administrator - Enabled) => C:\Users\Alanna
    Guest (S-1-5-21-2581172181-3245553297-1029845820-501 - Limited - Disabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Norton AntiVirus (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    AS: Norton AntiVirus (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
    Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.100.411.108 - ALPS ELECTRIC CO., LTD.)
    Anytime USB Charge Utility (HKLM-x32\...\InstallShield_{A794229E-401E-44D4-A8B5-B21E975676DE}) (Version: 3.0.0.0 - FUJITSU LIMITED)
    Anytime USB Charge Utility (Version: 3.0.0.0 - FUJITSU LIMITED) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AVG (Version: 16.71.7598 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4568 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.32.2.3320 - AVG Technologies)
    AVG PC TuneUp (x32 Version: 16.32.5 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.71.7598 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.1.831 - AVG Technologies)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
    Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
    Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
    Canon MG5300 series User Registration (HKLM-x32\...\Canon MG5300 series User Registration) (Version:  - )
    Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.1 - Comodo)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5505.02 - CyberLink Corp.)
    CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3223.0 - CyberLink Corp.)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
    DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.14.0123 - Fujitsu Technology Solutions)
    Emergency Download Driver (HKLM-x32\...\{05DBF996-83D0-4C40-8D3A-A6850800BC88}) (Version: 1.1.7.1439 - Nokia)
    f.lux (HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\Flux) (Version:  - )
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1221.6 - Sonix)
    FMW 1 (Version: 1.82.3 - AVG Technologies) Hidden
    Fujitsu BIOS Driver (HKLM-x32\...\InstallShield_{7292FFCF-FA9A-4585-AB80-A71961F931AF}) (Version: 1.1.1.0 - FUJITSU LIMITED)
    Fujitsu BIOS Driver (Version: 1.1.1.0 - FUJITSU LIMITED) Hidden
    Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
    Fujitsu MobilityCenter Extension Utility (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
    Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.6.0.0 - FUJITSU LIMITED)
    Fujitsu System Extension Utility (Version: 3.6.0.0 - FUJITSU LIMITED) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
    LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.5.3.0 - FUJITSU LIMITED)
    LIFEBOOK Application Panel (Version: 8.5.3.0 - FUJITSU LIMITED) Hidden
    Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia)
    Media Go (HKLM-x32\...\{70DB09B8-1BA5-410A-992F-1C1CE288229E}) (Version: 2.9.316 - Sony)
    Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
    Media Go Video Playback Engine 2.16.108.12020 (HKLM-x32\...\{D4E76014-8D95-87D9-991F-287823C60736}) (Version: 2.16.108.12020 - Sony)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.7.0.11 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
    OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.)
    Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C2600}) (Version: 12.38.0.3342 - APN, LLC)
    Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 7.1.0.1 - FUJITSU LIMITED)
    Plugfree NETWORK (Version: 7.1.001 - FUJITSU LIMITED) Hidden
    Pointing Device Utility (HKLM-x32\...\InstallShield_{DDC49774-40B9-47AE-9C63-5569C08C4082}) (Version: 2.1.0.0 - FUJITSU LIMITED)
    Pointing Device Utility (Version: 2.1.0.0 - FUJITSU LIMITED) Hidden
    Power Saving Utility (HKLM-x32\...\InstallShield_{CB0EA768-62F2-450E-88BC-74182237F564}) (Version: 43.0.0.0 (00.002) - FUJITSU LIMITED)
    Power Saving Utility (Version: 43.0.0.0 - FUJITSU LIMITED) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    Shopping App by Ask (HKLM-x32\...\{4F564F32-5350-2D53-4154-A758B70C2804}) (Version: 12.40.4.174 - APN, LLC)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
    Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
    The Sims 2 Glamour Life Stuff (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
    The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
    The Sims 2 University (HKLM-x32\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version:  - )
    The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
    The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Windows Driver Package - FUJITSU LIMITED (FUJ02B1) System  (06/26/2013 1.23) (HKLM\...\068FEFD9ECB0E04D17792AACEDA1D0A43CD7F82C) (Version: 06/26/2013 1.23 - FUJITSU LIMITED)
    Windows Driver Package - FUJITSU LIMITED (FUJ02E3) System  (07/02/2013 1.30.1.0) (HKLM\...\39B67640DB636F6D78D660BE574C0C5DC39D08CF) (Version: 07/02/2013 1.30.1.0 - FUJITSU LIMITED)
    Windows Phone Recovery Tool 2.1.1 (HKLM-x32\...\{461efced-58d4-4470-9b4b-5f2fc83704d4}) (Version: 2.1.1 - Microsoft)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia)
    WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia)
    WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia)
    Wireless Radio Switch Driver (HKLM-x32\...\InstallShield_{13031CDF-00D2-4FCE-AB13-8430D8733574}) (Version: 1.1.0.0 - FUJITSU LIMITED)
    Wireless Radio Switch Driver (Version: 1.1.0.0 - FUJITSU LIMITED) Hidden
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {06679362-3319-4285-A48F-BE6869C87050} - System32\Tasks\Fujitsu\Power Saving Utility\Fujitsu Power Saving Utility => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [2013-08-19] (FUJITSU LIMITED)
    Task: {0F24E6F6-DBB4-4373-A2CD-EF8C6655D4D4} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN2S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {12B5D8F8-33B7-4DFC-B74C-431F558E8D82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {1A9106AE-63E3-4B7A-BA4D-69F00DC43FCE} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartBtnHndHKB => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {1C298604-2BF7-4180-BE61-63374EBBF19F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {271A7278-F96F-4AF7-A961-63DCD604F1A9} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN6S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {2992C8A1-2151-452A-A483-3BF175E7F1E6} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN3S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {2E322890-68B5-4887-9B46-39C581A3186A} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN1S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {2E9829CF-F7CD-4D5B-BA6B-2DE00817224B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2581172181-3245553297-1029845820-1001
    Task: {3526E9DD-3519-4E8B-844E-DD967CF33B9A} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN1S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {35B57FA8-1D9B-4094-9DBA-7D240FDE05AE} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-03-29] (AVG Technologies CZ, s.r.o.)
    Task: {41B8531B-2064-4F65-9C60-92924249527E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
    Task: {41CA72A4-0270-4692-87D5-571873AA61F6} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN5S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {4FBB71F7-ED46-4778-973A-B7AC68BAA958} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnWakeupNow => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {5679FD67-586B-4F0F-84A4-F0D40E5D87C9} - System32\Tasks\Fujitsu\ApplicationPanel\DisableBtnHndStartQuickTouchOnWakeupAtLogon => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {5809F215-AEA1-4D73-A36B-2BC010D04EA8} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndCheckOnWakeup => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {59F49AC5-E36F-48EB-A2D3-1FBFDF1A4147} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnWakeupAtLogon => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {6349569C-9D87-44E6-9AD2-024C62E37D11} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN5S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {6697FAD2-9920-4793-A57E-5222C0F2E4FF} - System32\Tasks\Fujitsu\PointingDeviceUtility\ToggleIPD => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
    Task: {66B55D72-4384-49B5-9597-22F2E9917EA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {681034D0-FFDB-4421-B9D8-56F97201033B} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN3S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {71F840B4-B630-4E34-8ADA-BFBAE4F7D3C9} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2015-07-27] (Symantec Corporation)
    Task: {7FF08932-1874-44CC-899E-E5C8DC115761} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {8019DEFA-030D-4336-A447-CA2A0D87097A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2581172181-3245553297-1029845820-1001Core => C:\Users\Alanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-03] (Facebook Inc.)
    Task: {8264B660-1B79-4515-AFF9-B93354206365} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndSetWakeupSetting => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {82B929E4-A212-4509-9457-5E3F85DD64C6} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndCheckOnWakeupBySwitch => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {861BEA58-73C9-40DE-86EE-59376286E42A} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetShowNotificationOff => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
    Task: {95A515DD-E9A0-4D97-AC8B-36C0B47108F4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
    Task: {AE286F8B-2DC1-4CD8-ACFA-B8D26CE634E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {AE9946BB-4472-4C15-BD4C-4E907145247A} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetShowNotificationOn => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
    Task: {B06FCB42-E4E9-4117-AE8F-E705AD725A3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {B1084C08-0AAE-4652-8BD2-7A31A271F451} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {BC761DA6-8D6A-4D3C-AF89-FBB923231171} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN6S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {C959F692-D38C-4EB7-8C1D-186F78BBA2B5} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN2S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {D2E06237-757B-4E5A-8860-A1D4606F6DA6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HEMPANATOR-Alanna hempanator => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
    Task: {DB1742CD-37E2-45F6-96FA-BC9F5CF1E409} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {DE444558-BA06-454E-8A2B-53C12B43E688} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2581172181-3245553297-1029845820-1001UA => C:\Users\Alanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-03] (Facebook Inc.)
    Task: {E16C2DB5-9C96-4572-AA7A-B728427725E0} - System32\Tasks\{506166C2-25BD-4DC6-A586-4FD1EBC14569} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?page=tsProgressBar
    Task: {E28646E0-165E-4F82-AC75-80EA017CDC28} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-movealongthebus@googlemail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe <==== ATTENTION
    Task: {EED88C77-BDE9-4EBD-BA64-7CD60BB58D18} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndStartQuickTouchOnABN4S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {F2C7465F-E637-4F2C-9C51-4A44E768C0CF} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {F40B65F6-77C0-4785-98D3-4210B9924EA7} - System32\Tasks\Fujitsu\ApplicationPanel\BtnHndOnABN4S0 => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [2013-07-08] (FUJITSU LIMITED)
    Task: {FA6D9436-FE60-4E65-80EF-30F287D3411D} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {FADC7239-F6E2-4AF5-9B72-21E337E71750} - System32\Tasks\Fujitsu\PointingDeviceUtility\SetDriverIfFuj02b1DisableOnLogon => C:\Program Files\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe [2013-08-12] (FUJITSU LIMITED)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2581172181-3245553297-1029845820-1001Core.job => C:\Users\Alanna\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2581172181-3245553297-1029845820-1001UA.job => C:\Users\Alanna\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2013-08-26 07:34 - 2013-08-02 11:47 - 00086872 _____ () C:\Program Files\Apoint2K\HidMonitorSvc.exe
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-09-07 18:48 - 2013-08-08 05:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2016-05-12 23:57 - 2016-05-11 12:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
    2016-05-12 23:57 - 2016-05-11 12:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\StartupApproved\Run: => "ooVoo.exe"
    HKU\S-1-5-21-2581172181-3245553297-1029845820-1001\...\StartupApproved\Run: => "AdobeBridge"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{E9DC418A-0BF9-4034-9CB3-381C5853166B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{3F2F2B32-9503-4D21-9454-455E261F576B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{4F76C034-1E61-4A94-BC6C-F512D5713509}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{1F15A123-A35A-4057-8D66-425E2ED9C281}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{06300B16-432E-4E5C-9913-C1E13B0C85A6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{5E12CA7E-AADD-4A14-B835-0EF219CC3752}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{9BA1BE93-561E-4E2C-A2BC-9D2843719827}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{1BD6C073-3335-46F4-9877-F9EA6AF464D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{B6AF2902-6C35-4720-BCC7-1FD3815264E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C0F85A32-61A9-4E6F-ACA5-ABEFF55B3A61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{97CF830B-B537-4DE3-AEB1-330DB30DEA02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{369CAAB3-FFFA-4193-A4A2-B7FB61FC81FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A17B9E1F-4D91-4153-8BE0-A39DA6215077}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{8AECF3CB-0FAA-47F6-B0CF-7459F7D45AEA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{14BBA612-B47A-4FA1-87EE-ACA818D7B152}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{485DC8F9-8B1D-492A-9CD7-D413700E9C97}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{3E9893F4-BABA-4225-9746-A997B2C9B1BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    FirewallRules: [{04F2E74C-1CA2-40DC-B081-677837112F7A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    FirewallRules: [{5D8F48B0-0C2B-43B8-847B-D3A832C9AF67}] => (Allow) C:\Users\Alanna\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [TCP Query User{AEE1740C-4017-489D-BBA3-E4BBCAF0D08C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{8C25989F-A0BE-4A24-BB45-F2BF696223A2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{A2975FF5-0F5D-431E-B942-D2C8A9F670EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E0E6E158-6E96-4C7D-9358-94CD1E72D2FC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{27D12D7D-F346-4CBD-8E68-BC3FCC0C31F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{55A52BF9-051A-484F-98B9-308319A2AFE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4489D7A-04B4-4628-B58A-C4176AC00E4F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{723E8C9B-89C3-4C47-8E21-5D718B83253B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{CA06E220-9AB8-4879-BE62-F8B00FDF5E05}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{0ED4E1F6-C56C-48F0-BF54-93DE881F3106}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{92FF583F-2154-4DD9-B0BB-296A7465639F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{B0887944-C790-41C5-99F5-7B38FB650DF3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{4140F3BB-600D-476F-B84F-C605F8A3D68D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{D9BC4E09-CA67-489A-BBB4-F6EEDE00201C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
     
    ==================== Restore Points =========================
     
    14-05-2016 09:29:16 Windows Update
    23-05-2016 18:47:07 Scheduled Checkpoint
    29-05-2016 22:05:36 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/29/2016 10:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 123c
     
    Start Time: 01d1b9ece9ca34e3
     
    Termination Time: 4294967295
     
    Application Path: C:\windows\syswow64\wwahost.exe
     
    Report Id: df2b8571-25e0-11e6-82b8-681729d24acd
     
    Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
     
    Faulting package-relative application ID: App
     
    Error: (05/29/2016 10:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 1244
     
    Start Time: 01d1b9ece9d15c09
     
    Termination Time: 4294967295
     
    Application Path: C:\windows\system32\backgroundTaskHost.exe
     
    Report Id: dcfe8276-25e0-11e6-82b8-681729d24acd
     
    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt
     
    Faulting package-relative application ID: App
     
    Error: (05/29/2016 09:50:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
    Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
    Exception code: 0xc0000005
    Fault offset: 0x000000000003dd8e
    Faulting process ID: 0x55fdc
    Faulting application start time: 0xAUDIODG.EXE0
    Faulting application path: AUDIODG.EXE1
    Faulting module path: AUDIODG.EXE2
    Report ID: AUDIODG.EXE3
    Faulting package full name: AUDIODG.EXE4
    Faulting package-relative application ID: AUDIODG.EXE5
     
    Error: (05/29/2016 07:53:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
     
    Error: (05/29/2016 07:53:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1203
     
    Error: (05/29/2016 07:53:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/29/2016 07:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9647734
     
    Error: (05/29/2016 07:37:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9647734
     
    Error: (05/29/2016 07:37:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/29/2016 04:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3625
     
     
    System errors:
    =============
    Error: (05/29/2016 10:18:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 10:18:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 10:14:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 10:14:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 10:07:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Norton Identity Safe service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
     
    Error: (05/29/2016 10:04:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 10:04:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 10:03:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Intel® Management and Security Application Local Management Service service did not respond on starting.
     
    Error: (05/29/2016 09:59:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
    Error: (05/29/2016 09:59:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
     
     
    CodeIntegrity:
    ===================================
      Date: 2016-05-29 22:14:48.789
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:14:48.241
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:14:42.010
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:14:41.461
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:10:09.875
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:10:09.428
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:07:49.275
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:07:48.527
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:07:47.386
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-05-29 22:07:46.714
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Celeron® CPU 1000M @ 1.80GHz
    Percentage of memory in use: 48%
    Total physical RAM: 8082.06 MB
    Available physical RAM: 4152.06 MB
    Total Virtual: 14738.06 MB
    Available Virtual: 10215.27 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:681.51 GB) (Free:451.01 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================

    #7
    animalloverabh

    • Topic Starter
    • Member
    • 19 posts

    Also, thank you for the detailed response. Have I done this right?


    #8
    RKinner

      Malware Expert

    • Expert
    • 24,623 posts
    • MVP

    Perfectly.

     

    Since AVG has expired, let's get rid of it and your out-of-date & disabled Norton, and install the free Avast.

    Click on Download then choose the free version.

    Download, Save but don't install yet.

    Download and save the Norton Removal Tool.
    Uninstall Norton AntiVirus.
    Run the Norton Removal Tool.

    Download and save the AVG removal tool.
    Uninstall AVG.
    Run the AVG Remover.

    Reboot. Right click on the Avast installer you downloaded and Run As Administrator.

    #9
    animalloverabh

    • Topic Starter
    • Member
    • 19 posts

    It said that a programme has caused Norton remover to stop working?


    #10
    animalloverabh

    • Topic Starter
    • Member
    • 19 posts

    I fixed that problem - new problem now is that the AVG remover gets past the 'allow AVG remover to change settings etc'. I click yes, then a black window appears for a few seconds but closes on itself?


    #11
    RKinner

      Malware Expert

    • Expert
    • 24,623 posts
    • MVP

    I think that's normal for AVG remover. Go ahead and right click on the AVAST installer and Run as Administrator.

    Once it installs, run FRST, check Addition.txt, then SCAN. Post both logs.


    #12
    animalloverabh

    • Topic Starter
    • Member
    • 19 posts

    AVG is still here. When I try to delete it manually it says it's denied, that I need permission from SYSTEM to do such a thing??


    #13
    RKinner

      Malware Expert

    • Expert
    • 24,623 posts
    • MVP

    Get Process Explorer:

     

    Save it to your desktop then right click and Run As Administrator.

    See if you can right click on each process that starts with AVG and Kill Process. Then try to uninstall AVG.
    Run the AVG removal tools by right clicking and Run As Admin.

    If it still won't go away then run FRST again, check the Addition.txt box and then SCAN and post both logs. We will let FRST remove AVG with a Fixlist after I see the logs.

    #14
    animalloverabh

    • Topic Starter
    • Member
    • 19 posts

    The set up looks different; how do I run those scans?


    #15
    RKinner

      Malware Expert

    • Expert
    • 24,623 posts
    • MVP

    I may have given you the 32-bit version of the AVG remover. Try this one:

     

    http://download.avg....AVG_Remover.exe

     

    Save it and right click and Run As Admin.

     

    Reboot when done.

     

    Right click on FRST64.exe and Run As Admin.

     

    Check the box in front of Addition.txt

     

    Click on Scan.

     

    You should get two logs.  Copy and paste them into a Reply.

