Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dell Inspiron N4110 laptop is running very slow. PLEASE HELP!

Dell Inspiron N4110 Dell Inspiron N4110 laptop slow malware virus spyware Windows 7

  • Please log in to reply

#1
vraskin

vraskin

    Member

  • Member
  • PipPip
  • 20 posts

My laptop is running very slow. Today it took it about 15 minutes to turn on, and every time I try to shut it down it asks me to force a shut down even though I've closed all my applications. Sometimes when I turn my computer on, the screen goes black and a windows error recovery message pops up (the messages differ, but most of them say to start windows regularly or etc...).  I think my laptop may be infected with a virus or some kind of malware, but I don't know how to remove or clean them out. It's a Dell Inspiron N4110, running on Windows 7. Please help me, I have no idea what to do!


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    •  
     
  • Get FRST from
  • You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
     

    • 0

    #3
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    # AdwCleaner v6.020 - Logfile created 16/09/2016 at 21:24:21
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-17.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Victoria - VICTORIA-LAPTOP
    # Running from : C:\Users\Victoria\Desktop\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
     
     
    ***** [ Folders ] *****
     
    [-] Folder deleted: C:\Users\Victoria\AppData\Roaming\PC Cleaners
     
     
    ***** [ Files ] *****
     
    [-] File deleted: C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\63tnfvwj.default\searchplugins\bingp.xml
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
     
     
    ***** [ Registry ] *****
     
    [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0328b630-ea94-4fa3-9f27-8250b6324ddb}
    [-] Key deleted: HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\PCCleaners
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Video downloader
    [#] Key deleted on reboot: HKCU\Software\PCCleaners
    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Video downloader
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Video downloader
    [#] Key deleted on reboot: [x64] HKCU\Software\PCCleaners
    [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
    [-] Value deleted: HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
    [#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
    [#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
    [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
    [#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
     
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [3165 Bytes] - [16/09/2016 21:24:21]
    C:\AdwCleaner\AdwCleaner[R0].txt - [37171 Bytes] - [09/04/2015 23:31:04]
    C:\AdwCleaner\AdwCleaner[R1].txt - [37231 Bytes] - [10/04/2015 00:33:05]
    C:\AdwCleaner\AdwCleaner[S0].txt - [36431 Bytes] - [10/04/2015 00:34:40]
    C:\AdwCleaner\AdwCleaner[S1].txt - [3489 Bytes] - [16/09/2016 21:14:06]
    C:\AdwCleaner\AdwCleaner[S2].txt - [3562 Bytes] - [16/09/2016 21:23:26]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3606 Bytes] ##########

    • 0

    #4
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64 
    Ran by Victoria (Administrator) on 16/09/2016 at 21:34:22.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 93 
     
    Failed to delete: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RRC57WS (Temporary Internet Files Folder) 
    Failed to delete: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Z2A2AHV (Temporary Internet Files Folder) 
    Failed to delete: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB8815UQ (Temporary Internet Files Folder) 
    Successfully deleted: C:\ProgramData\pc1data (Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\{07376E07-58B1-48F5-9DDE-C39CF65F4216} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{10CF3876-7B3D-4120-ADF2-4D9BD0E84885} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{132595E7-C7CE-4A42-8C9C-C8604FE081B4} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{13D4707C-43A5-4D14-A5C3-41879AF74600} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{1AE6D164-89EB-44DD-9158-F0B58E2E95CA} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{1AEA0C82-4316-493A-8A4E-298D354DD935} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{2027C93E-BB7F-469A-92BE-79097A2E91B4} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{29169E4D-87D3-43F8-A965-8134652A4560} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{303DFC05-30CA-468B-B753-9B374B638ACE} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{3CF3CDDA-647A-4575-A239-C88485F36254} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{3F6AD421-1071-4A49-8746-A3F35F2A3E11} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{404766FA-1568-423A-9527-8FAEDCE38288} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{42C8DFBD-72BC-40FC-9442-0FA67561EDA8} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{45C65D4F-B211-4F5D-955E-A0DCB9128083} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{50B7D8A8-6371-4467-8006-988E9B9FEDA7} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{55B7F30A-6425-4ABC-BBF1-D7C58CDD8E58} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{5BAA864A-E9ED-4B94-875E-D236C7C51D1A} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{64291E87-BE70-4C81-B540-4410709D536F} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{6769E53F-EE44-4435-BBD8-0C2F4561031A} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{7337E0F2-878B-4AC5-81AF-AD8997026404} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{78096BDA-BDD5-4341-B9FA-BB06A78F6E97} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{846C2497-32CB-4A8B-88E2-2D9A59DD6284} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{88B48A1A-E216-44DA-B80B-45E4B3BA4339} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{8A5A4C8C-7F34-4912-A338-0096B55D59E2} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{8AD5B897-9121-49E3-A044-03F82B2BD185} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{8EC89D11-E3C4-4A9E-A148-5686A2B588F9} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{8EFEF7C0-0EB0-41D7-AA54-4E723FF6C44C} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{B16DB98A-B01D-4355-8CF6-B24C7BB4E22E} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{BD42DECB-BA37-4759-9808-99057559951A} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{C0F3021A-A01D-43D4-B339-C260C2E375C1} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{C6C24F8B-A829-458C-8159-AB1023534759} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{CA435971-0FA7-428A-BBE7-A5BBE72412DD} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{CA5A8CC0-FF0B-4C51-A78B-04A15282FB33} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{CD58F35E-9B31-4C8F-ACC3-F009E0C85219} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{D1F77AE3-CF8C-466E-9592-1879092B150E} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{DA0D3555-D80F-4480-8DF8-EB4DAD421E3F} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{DE6D77ED-B0A0-4B44-959E-543F907BBB53} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{E52825CC-0D47-4CBD-9B6C-B0D89FEF2601} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{E8859304-45BC-4CA1-A454-9ABBD86CFE35} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{EE576CDE-78BD-4214-8672-534F9B5FF82F} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Local\{F0DEEC0D-3E6C-4475-AE41-0F5D97766D18} (Empty Folder)
    Successfully deleted: C:\Users\Victoria\AppData\Roaming\pcpro (Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Roaming\w3i, llc (Folder) 
    Successfully deleted: C:\Users\Victoria\Start Menu\Programs\system progressive protection (Folder) 
    Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JVGX8XX (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17QTQAKA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JZXD7UG (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\848VZV49 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEFBY481 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHBKQ8EP (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZKIEK47 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG2J0NP1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4PJXBXB (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFQV6XAU (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW9RSHK1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TILHC01I (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN0ZD686 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKSPCQBZ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ0DGMT8 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Victoria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCGMZQHQ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JVGX8XX (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17QTQAKA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JZXD7UG (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RRC57WS (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Z2A2AHV (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\848VZV49 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BEFBY481 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHBKQ8EP (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZKIEK47 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GG2J0NP1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4PJXBXB (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFQV6XAU (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW9RSHK1 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PB8815UQ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TILHC01I (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN0ZD686 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKSPCQBZ (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQ0DGMT8 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCGMZQHQ (Temporary Internet Files Folder) 
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 16/09/2016 at 21:37:49.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #5
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016
    Ran by Victoria (administrator) on VICTORIA-LAPTOP (16-09-2016 21:44:43)
    Running from C:\Users\Victoria\Desktop
    Loaded Profiles: Victoria (Available Profiles: Victoria)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    () C:\Windows\SysWOW64\srvany.exe
    () C:\Windows\kmsem\KMService.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor)
    HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
    HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10365952 2011-05-19] (Intel Corporation)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
    HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [Facebook Update] => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-23] (Facebook Inc.)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [BingSvc] => C:\Users\Victoria\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\MountPoints2: {61692c6d-198a-11e2-b0df-4c80931bc762} - E:\SETUP.EXE
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\MountPoints2: {e9cdb81a-6199-11e2-a440-4c80931bc762} - F:\EMP_UDSe.exe /autorun
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-31] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-04]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-11-22]
    ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{03014E09-839E-41F6-80A1-797F54D74809}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{3001E30A-C697-41F1-A39E-FBD30C36FC47}: [DhcpNameServer] 64.71.255.198 64.71.255.253
    Tcpip\..\Interfaces\{336F4982-CC0F-4A90-883E-2A31F571FE7B}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{E8458210-2EAB-4DEA-96E5-0C0670468E4F}: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{EA32591A-3448-48AC-AF25-5FF6D0611586}: [DhcpNameServer] 13.36.0.1 13.36.0.2
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-ca
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/23
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.ca/
    SearchScopes: HKLM -> {DCD22AA0-4441-4F03-AB5C-40AC395BA612} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {DCD22AA0-4441-4F03-AB5C-40AC395BA612} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-31] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-23] (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-23] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-31] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-23] (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://portal.stantec.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Victoria\AppData\Roaming\Mozilla\Firefox\Profiles\63tnfvwj.default
    FF DefaultSearchEngine: Bing 
    FF DefaultSearchEngine.US: Bing 
    FF SearchEngineOrder.3: Bing 
    FF SelectedSearchEngine: Bing 
    FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-ca
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-23] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File]
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-23] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-23] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-27] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-27] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3409012477-161722196-2897755183-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Victoria\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-06-27] (RocketLife, LLP)
    FF Plugin HKU\S-1-5-21-3409012477-161722196-2897755183-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Victoria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-02]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-02]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
    CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll => No File
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll => No File
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Victoria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    CHR Plugin: (Google Update) - C:\Users\Victoria\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    CHR Profile: C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Adblock Plus) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
    CHR Extension: (AdBlock) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
    CHR Extension: (Chrome Media Router) - C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-16]
    CHR HKLM\...\Chrome\Extension: [khldgopgjjapmbkgflpoclebjjmkmbnk] - C:\Program Files\Video downloader\source.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [khldgopgjjapmbkgflpoclebjjmkmbnk] - C:\Program Files\Video downloader\source.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-31] (AVAST Software)
    S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-09-02] (AVAST Software)
    R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
    R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
    R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-02-01] () [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
    R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-09-02] (AVAST Software)
    R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-09-02] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-31] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-31] (AVAST Software)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-09-16 21:44 - 2016-09-16 21:45 - 00024114 _____ C:\Users\Victoria\Desktop\FRST.txt
    2016-09-16 21:43 - 2016-09-16 21:44 - 00000000 ____D C:\FRST
    2016-09-16 21:42 - 2016-09-16 21:42 - 02399232 _____ (Farbar) C:\Users\Victoria\Desktop\FRST64.exe
    2016-09-16 21:37 - 2016-09-16 21:37 - 00013097 _____ C:\Users\Victoria\Desktop\JRT.txt
    2016-09-16 21:31 - 2016-09-16 21:31 - 01610560 _____ (Malwarebytes) C:\Users\Victoria\Desktop\JRT.exe
    2016-09-16 20:46 - 2016-09-16 20:46 - 03861056 _____ C:\Users\Victoria\Downloads\8148.tmp
    2016-09-16 20:37 - 2016-09-16 20:37 - 03861056 _____ C:\Users\Victoria\Desktop\AdwCleaner.exe
    2016-09-05 14:41 - 2016-09-05 14:41 - 00017535 _____ C:\Users\Victoria\Downloads\schedule_1194-16-09-05.pdf
    2016-09-02 00:20 - 2016-09-02 00:20 - 00001884 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
    2016-09-02 00:20 - 2016-09-02 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-09-02 00:17 - 2016-09-02 00:16 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
    2016-09-02 00:17 - 2016-08-31 16:54 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-09-02 00:16 - 2016-09-02 00:16 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
    2016-09-01 15:53 - 2016-09-01 15:53 - 00000359 _____ C:\Users\Victoria\Documents\Recycle Bin - Shortcut.lnk
    2016-09-01 15:37 - 2016-09-01 15:37 - 00000000 ____D C:\Users\Victoria\Desktop\Taxes
    2016-09-01 15:25 - 2016-09-01 15:26 - 00000000 ____D C:\Users\Victoria\Desktop\Voice Over
    2016-09-01 13:23 - 2016-09-01 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undelete360
    2016-09-01 13:23 - 2016-09-01 13:23 - 00000000 ____D C:\Program Files (x86)\File Recovery
    2016-08-31 17:46 - 2016-08-31 17:03 - 267139930 _____ C:\Users\Victoria\Desktop\Ransom - V Raskin.mp4
    2016-08-31 16:54 - 2016-08-31 16:54 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-08-26 21:38 - 2016-08-26 22:06 - 00000000 ____D C:\Users\Victoria\Downloads\SCHOOL
    2016-08-26 21:38 - 2016-08-26 22:04 - 00000000 ____D C:\Users\Victoria\Downloads\AUDITION TAPES
    2016-08-26 21:28 - 2016-08-26 21:50 - 00000000 ____D C:\Users\Victoria\Downloads\AUDITION APPOINTMENTS
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-09-16 21:45 - 2012-02-04 02:14 - 00000000 ____D C:\Users\Victoria\AppData\Roaming\Skype
    2016-09-16 21:43 - 2015-04-09 02:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-16 21:40 - 2012-12-10 20:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-16 21:33 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-16 21:33 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-16 21:26 - 2015-04-09 02:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-16 21:26 - 2012-02-27 16:02 - 00000478 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
    2016-09-16 21:26 - 2011-11-22 07:09 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-09-16 21:26 - 2011-11-22 07:09 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-09-16 21:26 - 2011-11-22 07:05 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-09-16 21:25 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-16 21:24 - 2015-04-09 23:30 - 00000000 ____D C:\AdwCleaner
    2016-09-16 21:09 - 2014-07-13 01:07 - 00000000 ____D C:\Users\Victoria\AppData\Local\CrashDumps
    2016-09-16 20:57 - 2016-07-02 22:44 - 00000420 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
    2016-09-16 20:50 - 2012-07-23 23:45 - 00000940 ____H C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA.job
    2016-09-16 20:19 - 2012-07-23 23:45 - 00000918 ____H C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core.job
    2016-09-16 20:16 - 2015-04-09 02:09 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-09-16 20:16 - 2015-04-09 02:09 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-09-16 20:13 - 2013-03-04 15:23 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-09-14 20:43 - 2012-12-10 20:45 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-09-14 20:43 - 2012-12-10 20:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-09-14 20:43 - 2012-12-10 20:45 - 00000000 ____D C:\Windows\system32\Macromed
    2016-09-14 20:43 - 2011-11-22 06:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-09-14 20:43 - 2011-11-22 06:37 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-09-14 18:47 - 2013-03-04 15:23 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2016-09-12 01:26 - 2009-07-13 22:13 - 00006036 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-09-02 01:10 - 2015-06-12 10:37 - 00000000 ____D C:\Users\Victoria\Documents\Tickets!
    2016-09-02 00:19 - 2016-07-12 21:13 - 00003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468383217
    2016-09-02 00:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-09-01 15:41 - 2014-10-20 11:02 - 00000000 ____D C:\Users\Victoria\Documents\Work
    2016-09-01 15:39 - 2013-06-26 22:13 - 00000000 ____D C:\Users\Victoria\Documents\UBC
    2016-09-01 15:35 - 2012-01-16 23:13 - 00000000 ____D C:\Users\Victoria\.frostwire5
    2016-09-01 15:34 - 2013-04-16 20:03 - 00000000 ____D C:\Users\Victoria\Desktop\Acting
    2016-09-01 15:33 - 2014-03-26 13:54 - 00000000 ____D C:\Users\Victoria\Desktop\Scenes
    2016-09-01 15:32 - 2015-07-29 13:10 - 00000000 ____D C:\Users\Victoria\Desktop\Modeling Portfolio
    2016-09-01 02:21 - 2013-02-24 15:32 - 04364288 ___SH C:\Users\Victoria\Downloads\Thumbs.db
    2016-08-31 16:54 - 2014-07-29 23:15 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-08-31 16:54 - 2014-07-29 23:15 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-08-31 16:54 - 2013-03-04 15:23 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-08-31 16:54 - 2013-03-04 15:23 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-08-31 16:54 - 2013-03-04 15:23 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-08-31 16:54 - 2013-03-04 15:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-08-31 16:54 - 2013-03-04 15:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-08-31 16:53 - 2016-07-11 21:49 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-08-29 16:51 - 2013-01-23 16:20 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-08-29 16:50 - 2011-11-22 07:07 - 00000000 ___HD C:\ProgramData\Skype
    2016-08-26 22:02 - 2013-04-07 16:09 - 00000000 ____D C:\Users\Victoria\Downloads\EVERYTHING ELSE; Things I Don't Even Know What They Are
    2016-08-26 22:02 - 2013-04-07 15:57 - 00000000 ____D C:\Users\Victoria\Downloads\Scripts
    2016-08-26 21:04 - 2012-04-01 16:03 - 00000000 ____D C:\Users\Victoria\Documents\From Main Computor
     
    ==================== Files in the root of some directories =======
     
    2011-12-06 03:12 - 2011-12-06 03:13 - 0000048 _____ () C:\Users\Victoria\AppData\Local\84756-11986-27475-00TC1-94865
    2011-12-07 01:21 - 2015-11-10 17:53 - 0092672 _____ () C:\Users\Victoria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-10-06 18:53 - 2013-02-27 20:59 - 0000112 ____H () C:\ProgramData\3yaBHEH.dat
    2015-12-12 22:51 - 2015-12-12 22:51 - 0000057 _____ () C:\ProgramData\Ament.ini
    2012-10-06 18:53 - 2012-10-06 18:53 - 0000001 ____H () C:\ProgramData\d0071mYt.exe.b
    2012-10-06 18:53 - 2012-10-06 18:53 - 0000001 ____H () C:\ProgramData\d0071mYt.exe_.b
     
    Files to move or delete:
    ====================
    C:\ProgramData\3yaBHEH.dat
     
     
    Some files in TEMP:
    ====================
    C:\Users\Victoria\AppData\Local\Temp\54E2.exe
    C:\Users\Victoria\AppData\Local\Temp\apjl1hrx.dll
    C:\Users\Victoria\AppData\Local\Temp\BingSvc.exe
    C:\Users\Victoria\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Victoria\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Victoria\AppData\Local\Temp\i5hys9_e.dll
    C:\Users\Victoria\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Victoria\AppData\Local\Temp\khkaqxcg.dll
    C:\Users\Victoria\AppData\Local\Temp\libeay32.dll
    C:\Users\Victoria\AppData\Local\Temp\msvcr120.dll
    C:\Users\Victoria\AppData\Local\Temp\Quarantine.exe
    C:\Users\Victoria\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Victoria\AppData\Local\Temp\sqlite3.dll
    C:\Users\Victoria\AppData\Local\Temp\t8vvo5hv.dll
    C:\Users\Victoria\AppData\Local\Temp\ukvjgfpn.dll
    C:\Users\Victoria\AppData\Local\Temp\z09kv1v7.dll
    C:\Users\Victoria\AppData\Local\Temp\_zgsxj8g.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-08-29 19:32
     
    ==================== End of FRST.txt ============================

    • 0

    #6
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
    Ran by Victoria (16-09-2016 21:45:56)
    Running from C:\Users\Victoria\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-02 09:06:33)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-3409012477-161722196-2897755183-500 - Administrator - Disabled)
    Guest (S-1-5-21-3409012477-161722196-2897755183-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3409012477-161722196-2897755183-1002 - Limited - Enabled)
    Victoria (S-1-5-21-3409012477-161722196-2897755183-1000 - Administrator - Enabled) => C:\Users\Victoria
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Avast Internet Security (HKLM-x32\...\avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    GeoGebraPrim (HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\GeoGebraPrim) (Version:  - International GeoGebra Institute)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Photo Creations (HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\HP Photo Creations) (Version: 1.0.0.20912 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
    Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Russian Phonetic YaZHert - RusWin.net (HKLM\...\{B4AB2BF1-AE6B-46AF-8809-56743597CCAF}) (Version: 1.0.3.40 - personal)
    SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
    Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
    TouchCopy (HKLM-x32\...\{004C99C2-C367-482C-9CEF-1DFA71CB730E}) (Version: 3.17 - Wide Angle Software)
    Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {0DD051B3-4FFA-44A0-8462-92C333235766} - System32\Tasks\{A75858B5-C700-4A69-8342-33B2E62FECF3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102.320/en/abandoninstall?page=tsProgressBar
    Task: {20048800-671E-4F57-94F6-6F5CF391F751} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23] (Facebook Inc.)
    Task: {32A8FC69-C890-4A63-A1CF-B979DD514A3A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {41720EEA-8D50-4056-94F1-5BB9919F8C70} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
    Task: {4B6C1411-43F7-48DA-8749-5EC52789DD85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA => C:\Users\Victoria\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {4E70978F-73DA-4483-BF9F-BC184D3E72F3} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2012\Messages\SDNotify.exe [2011-09-26] ()
    Task: {5303E6CB-435B-4676-867D-ECB7B4F7052F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
    Task: {59175C98-4639-4D2D-8AD6-B8B939C25959} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
    Task: {612D8003-1479-4A0D-A465-5B144DB720B3} - System32\Tasks\SafeZone scheduled Autoupdate 1468383217 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {7B5334FB-0A95-4EC0-954A-D8BB820F3476} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23] (Facebook Inc.)
    Task: {9907018E-D537-433A-9EEE-FF9DCA97E6D4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
    Task: {A430948B-5148-4E12-8D48-27770036BE44} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {AA7B363F-6BEA-49F9-A2DB-7B5061B118A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-09] (Google Inc.)
    Task: {B1A0C211-6E5D-4B64-96CF-AA7DC5AAB9D8} - System32\Tasks\{40DD8FD8-8B45-4A5E-BAB3-B1529E8D0E74} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
    Task: {B672B655-0524-4DB6-938D-DA52D41F1C19} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Victoria\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-06-27] ()
    Task: {BDD219E9-DA08-4963-B7BB-21DE5B12E1C6} - System32\Tasks\Run CCleaner => C:\Program Files\CCleaner\CCleaner64.exe [2013-02-25] (Piriform Ltd)
    Task: {DD68A25E-09D1-4869-B44C-325BB384057E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
    Task: {F91640DB-B625-4E86-A2AB-FF9A2C9D589A} - System32\Tasks\HP AR Program Upload - 7047c0b2d0464a2584f9c4091cb2e0e7142c23b0f3354d2e8a852bf116680dce => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core.job => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA.job => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Victoria\AppData\Roaming\HP Photo Creations\Communicator.exe
    Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PTE -V20000101 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebraPrim\GeoGebra Forum.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.geogebra.org/forum/
    ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebraPrim\GeoGebraWiki (German).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.geogebra.org/de/wiki/
    ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebraPrim\GeoGebraWiki (International).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.geogebra.org/en/wiki/
    ShortcutWithArgument: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebraPrim\www.geogebra.org.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.geogebra.org/
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2011-07-27 19:07 - 2011-07-27 19:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-02-01 00:07 - 2012-02-01 00:02 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
    2012-02-01 00:07 - 2012-02-01 00:07 - 00151622 _____ () C:\Windows\kmsem\KMService.exe
    2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-08-31 16:54 - 2016-08-31 16:54 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-16 20:13 - 2016-09-16 20:13 - 03086136 _____ () C:\Program Files\AVAST Software\Avast\defs\16091601\algo.dll
    2016-08-31 16:54 - 2016-08-31 16:54 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2012-02-01 00:07 - 2012-02-01 00:02 - 00032768 _____ () C:\Windows\kmsem\Shadow.KMS
    2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-07-11 21:48 - 2016-07-11 21:48 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-09-16 20:16 - 2016-09-13 17:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
    2016-09-16 20:16 - 2016-09-13 17:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 19:34 - 2015-12-04 13:43 - 00000856 ____A C:\Windows\system32\Drivers\etc\hosts
     
    0.0.0.1 mssplus.mcafee.com
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.171.122
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    mpsdrv => Firewall Service is not running.
    MpsSvc => Firewall Service is not running.
    bfe => Firewall Service is not running.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupreg: HaDBaVsVgnyPs.exe => C:\ProgramData\HaDBaVsVgnyPs.exe
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== Restore Points =========================
     
    24-08-2016 18:39:46 Scheduled Checkpoint
    02-09-2016 00:18:16 Device Driver Package Install: Avast Network Service
    16-09-2016 21:34:26 JRT Pre-Junkware Removal
    Check "winmgmt" service or repair WMI.
     
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid: 
    Manufacturer: 
    Service: 
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (09/16/2016 09:08:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
    Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
    Exception code: 0x40000015
    Fault offset: 0x00052d24
    Faulting process id: 0x1aac
    Faulting application start time: 0x01d210992602ac74
    Faulting application path: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    Faulting module path: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    Report Id: 6e71c4a3-7c8c-11e6-a581-4c80931bc762
     
    Error: (09/15/2016 08:07:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15538
     
    Error: (09/15/2016 08:07:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 15538
     
    Error: (09/15/2016 08:07:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (09/15/2016 03:37:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2512
     
    Error: (09/15/2016 03:37:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2512
     
    Error: (09/15/2016 03:37:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (09/14/2016 08:51:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3666
     
    Error: (09/14/2016 08:51:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3666
     
    Error: (09/14/2016 08:51:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
     
    System errors:
    =============
    Error: (09/16/2016 09:43:42 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Avast Firewall service depends the following service: BFE. This service might not be installed.
     
    Error: (09/16/2016 09:27:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
     
    Error: (09/16/2016 09:26:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
     
    Error: (09/16/2016 09:26:02 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
     
    Error: (09/16/2016 09:26:00 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
     
    Error: (09/16/2016 09:25:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Computer Browser service terminated with the following error: 
    The specified service does not exist as an installed service.
     
    Error: (09/16/2016 09:25:48 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
    Description: The Avast Firewall service depends the following service: BFE. This service might not be installed.
     
    Error: (09/16/2016 09:25:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service service failed to start due to the following error: 
    The system cannot find the path specified.
     
    Error: (09/16/2016 09:25:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Print Spooler service failed to start due to the following error: 
    The system cannot find the path specified.
     
    Error: (09/16/2016 09:25:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.
     
    Module Path: C:\Windows\System32\IWMSSvc.dll
     
     
    CodeIntegrity:
    ===================================
      Date: 2016-08-30 19:31:50.181
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-30 19:31:50.072
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-29 16:41:04.148
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-29 16:41:03.976
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-29 02:00:10.808
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-29 02:00:09.170
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-28 15:49:48.458
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-28 15:49:47.975
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-28 01:48:32.074
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-08-28 01:48:31.746
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3990.17 MB
    Available physical RAM: 1688.28 MB
    Total Virtual: 7978.53 MB
    Available Virtual: 5513.31 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:90.69 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================

    • 0

    #7
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    AERTSr64.exe 1,272 K 2,228 K 1172 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
    armsvc.exe 1,228 K 3,536 K 1948 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
    audiodg.exe 23,176 K 22,632 K 2876 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    BTHSSecurityMgr.exe 4,252 K 5,900 K 2100 Intel® BlueTooth® HS Security Manager Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
    chrome.exe 1,604 K 4,752 K 5536 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 65,548 K 60,876 K 4004 Google Chrome Google Inc. (Verified) Google Inc
    conhost.exe 1,080 K 2,360 K 1460 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    devmonsrv.exe 2,744 K 5,692 K 1384 Bluetooth Device Monitor Intel Corporation (No signature was present in the subject) Intel Corporation
    hkcmd.exe 2,804 K 7,092 K 3764 hkcmd Module Intel Corporation (Verified) Intel Corporation
    KMService.exe 1,152 K 3,560 K 2576 (No signature was present in the subject)
    mDNSResponder.exe 2,692 K 4,864 K 2060 Bonjour Service Apple Inc. (Verified) Apple Inc.
    obexsrv.exe 2,824 K 5,656 K 2340 Bluetooth OBEX Service Intel Corporation (No signature was present in the subject) Intel Corporation
    PresentationFontCache.exe 27,668 K 19,780 K 6336 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
    procexp.exe 29,264 K 21,488 K 6392 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    RegSrvc.exe 2,344 K 5,380 K 2652 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
    SftService.exe 4,384 K 6,832 K 2736 SoftThinks Agent Service SoftThinks SAS (Verified) Dell Inc
    SkypeC2CAutoUpdateSvc.exe 1,400 K 3,680 K 2148 Updates Skype Click to Call Microsoft Corporation (Verified) Skype Software Sarl
    SkypeC2CPNRSvc.exe 1,920 K 3,624 K 2184 Phone Number Recognition (PNR) module Microsoft Corporation (Verified) Skype Software Sarl
    smss.exe 544 K 1,092 K 428 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    spoolsv.exe 7,904 K 12,324 K 1632 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    srvany.exe 860 K 2,844 K 2472 (No signature was present in the subject)
    svchost.exe 1,840 K 4,244 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 5,240 K 5,212 K 2228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 4,648 K 6,540 K 2884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    taskeng.exe 2,448 K 6,268 K 2792 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
    TurboBoost.exe 1,928 K 5,848 K 6816 Turbo Boost Monitor Service Intel® Corporation (Verified) Intel® Software
    UNS.exe 3,160 K 7,300 K 6128 User Notification Service Intel Corporation (Verified) Intel Corporation
    unsecapp.exe 1,768 K 4,316 K 3916 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    unsecapp.exe 2,144 K 6,324 K 5264 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe 1,916 K 3,860 K 756 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 3,308 K 5,604 K 448 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVCM.EXE 1,500 K 2,680 K 2504 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
    WmiPrvSE.exe 4,968 K 8,740 K 3452 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 6,832 K 10,840 K 3872 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    BTHSAmpPalService.exe < 0.01 2,060 K 3,136 K 1264 Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter Intel Corporation (Verified) Intel Corporation - Mobile Wireless Group
    mediasrv.exe < 0.01 4,236 K 7,868 K 4224 Bluetooth Media Service Intel Corporation (No signature was present in the subject) Intel Corporation
    wmpnetwk.exe < 0.01 6,716 K 4,920 K 4956 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 8,688 K 13,960 K 1176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    wlanext.exe < 0.01 9,700 K 13,160 K 1424 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 4,704 K 7,316 K 328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    WLIDSVC.EXE < 0.01 7,316 K 11,440 K 2920 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
    conhost.exe < 0.01 1,160 K 2,312 K 2592 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
    EvtEng.exe < 0.01 8,548 K 10,340 K 2256 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation - Mobile Wireless Group
    chrome.exe < 0.01 80,024 K 112,000 K 6484 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe < 0.01 89,732 K 121,996 K 1140 Google Chrome Google Inc. (Verified) Google Inc
    csrss.exe 0.01 2,512 K 4,724 K 652 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 0.01 2,904 K 4,132 K 848 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    services.exe 0.01 6,100 K 8,360 K 812 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    iPodService.exe 0.01 2,632 K 6,848 K 120 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
    svchost.exe 0.01 141,080 K 142,952 K 384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    avastui.exe 0.02 32,108 K 16,292 K 4492 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
    AppleMobileDeviceService.exe 0.02 3,936 K 8,464 K 1464 MobileDeviceService Apple Inc. (Verified) Apple Inc.
    svchost.exe 0.03 29,184 K 30,284 K 1292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.03 22,548 K 14,476 K 912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    lsass.exe 0.04 5,944 K 11,036 K 840 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.04 4,800 K 8,056 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    LMS.exe 0.04 2,332 K 4,720 K 3416 Local Manageability Service Intel Corporation (Verified) Intel Corporation
    svchost.exe 0.06 7,136 K 37,136 K 4660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    SearchIndexer.exe 0.07 35,400 K 23,692 K 3932 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.11 20,364 K 27,220 K 1036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    explorer.exe 0.17 55,040 K 61,432 K 3812 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    Skype.exe 0.19 139,916 K 155,748 K 5200 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
    chrome.exe 0.23 280,328 K 420,872 K 6076 Google Chrome Google Inc. (Verified) Google Inc
    AvastSvc.exe 0.31 65,488 K 40,940 K 1528 avast! Service AVAST Software (Verified) AVAST Software a.s.
    csrss.exe 0.43 2,924 K 28,656 K 780 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    System 0.46 240 K 6,164 K 4
    chrome.exe 0.56 79,888 K 126,364 K 1692 Google Chrome Google Inc. (Verified) Google Inc
    Interrupts 0.83 0 K 0 K n/a Hardware Interrupts and DPCs
    dwm.exe 1.27 114,688 K 56,024 K 3772 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    procexp64.exe 5.90 69,492 K 68,936 K 3248 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    System Idle Process 89.10 0 K 24 K 0

    • 0

    #8
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts

    Thank you so much for your response! I believe that's everything you requested. Please let me know if I missed anything. Again thank you so much for helping!!!


    • 0

    #9
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts

    I just noticed that after this process a file called 8148.tmp got downloaded onto my computer. Is this normal? Or should I delete it? 


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,019 posts
    • MVP
    Looks like you have had a zero access infection.  I don't see the infection but there is a lot of damage.
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   9.47KB   54 downloads
     
    Run FRST and press Fix
    A fix log will be generated please post that 
     
    Download ESET's Service Repair http://www.wintips.o...vicesRepair.zipand Save it then right click on it Extract All.
     
    Find ServicesRepair.exe, right click  and Run As Admin. 
     
     
    If it doesn't do it for you:
     
    Reboot.
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    If you have problems getting on line after running the fix:
     
    Start, All Programs, Accessories, right click on Command Prompt and Run As Admin..  Type with an Enter after each line:
    netsh winsock reset catalog
    netsh int ipv4 reset %userprofile%\Desktop\reset4.log
    netsh int ipv6 reset %userprofile%\Desktop\reset6.log 

    Reboot.

     

     


    • 0

    Advertisements


    #11
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
    Ran by Victoria (17-09-2016 23:57:04) Run:1
    Running from C:\Users\Victoria\Desktop
    Loaded Profiles: Victoria (Available Profiles: Victoria)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [Facebook Update] => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-23] (Facebook Inc.)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\Run: [BingSvc] => C:\Users\Victoria\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\MountPoints2: {61692c6d-198a-11e2-b0df-4c80931bc762} - E:\SETUP.EXE
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\...\MountPoints2: {e9cdb81a-6199-11e2-a440-4c80931bc762} - F:\EMP_UDSe.exe /autorun
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-04]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
    Winsock: Catalog5 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-09-23] (Oracle Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-23] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-23] (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-23] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_51\bin\new_plugin\npjp2.dll [No File]
    FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-23] (Oracle Corporation)
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
    CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
    CHR Plugin: (TelevisionFanatic Installer Plugin Stub) - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll => No File
    CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll => No File
    CHR Plugin: (Google Update) - C:\Users\Victoria\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => No File
    CHR HKLM\...\Chrome\Extension: [khldgopgjjapmbkgflpoclebjjmkmbnk] - C:\Program Files\Video downloader\source.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [khldgopgjjapmbkgflpoclebjjmkmbnk] - C:\Program Files\Video downloader\source.crx <not found>
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    2012-10-06 18:53 - 2013-02-27 20:59 - 0000112 ____H () C:\ProgramData\3yaBHEH.dat
    2012-10-06 18:53 - 2012-10-06 18:53 - 0000001 ____H () C:\ProgramData\d0071mYt.exe.b
    2012-10-06 18:53 - 2012-10-06 18:53 - 0000001 ____H () C:\ProgramData\d0071mYt.exe_.b
    C:\Users\Victoria\AppData\Local\Temp\54E2.exe
    C:\Users\Victoria\AppData\Local\Temp\apjl1hrx.dll
    C:\Users\Victoria\AppData\Local\Temp\BingSvc.exe
    C:\Users\Victoria\AppData\Local\Temp\BSvcProcessor.exe
    C:\Users\Victoria\AppData\Local\Temp\BSvcUpdater.exe
    C:\Users\Victoria\AppData\Local\Temp\i5hys9_e.dll
    C:\Users\Victoria\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\Victoria\AppData\Local\Temp\khkaqxcg.dll
    C:\Users\Victoria\AppData\Local\Temp\libeay32.dll
    C:\Users\Victoria\AppData\Local\Temp\msvcr120.dll
    C:\Users\Victoria\AppData\Local\Temp\Quarantine.exe
    C:\Users\Victoria\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Victoria\AppData\Local\Temp\sqlite3.dll
    C:\Users\Victoria\AppData\Local\Temp\t8vvo5hv.dll
    C:\Users\Victoria\AppData\Local\Temp\ukvjgfpn.dll
    C:\Users\Victoria\AppData\Local\Temp\z09kv1v7.dll
    C:\Users\Victoria\AppData\Local\Temp\_zgsxj8g.dll
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Victoria\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    Task: {0DD051B3-4FFA-44A0-8462-92C333235766} - System32\Tasks\{A75858B5-C700-4A69-8342-33B2E62FECF3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102.320/en/abandoninstall?page=tsProgressBar
    Task: {20048800-671E-4F57-94F6-6F5CF391F751} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23] (Facebook Inc.)
    Task: {7B5334FB-0A95-4EC0-954A-D8BB820F3476} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23] (Facebook Inc.)
    Task: {A430948B-5148-4E12-8D48-27770036BE44} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {B1A0C211-6E5D-4B64-96CF-AA7DC5AAB9D8} - System32\Tasks\{40DD8FD8-8B45-4A5E-BAB3-B1529E8D0E74} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core.job => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA.job => C:\Users\Victoria\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Victoria\AppData\Roaming\HP Photo Creations\Communicator.exe
    Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PTE -V20000101 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp
    C:\ProgramData\HaDBaVsVgnyPs.exe
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    CMD: netsh winsock reset catalog
    Emptytemp:
     
     
     
     
     
     
    *****************
     
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
    HKU\S-1-5-21-3409012477-161722196-2897755183-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
    "HKU\S-1-5-21-3409012477-161722196-2897755183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61692c6d-198a-11e2-b0df-4c80931bc762}" => key removed successfully
    HKCR\CLSID\{61692c6d-198a-11e2-b0df-4c80931bc762} => key not found. 
    "HKU\S-1-5-21-3409012477-161722196-2897755183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cdb81a-6199-11e2-a440-4c80931bc762}" => key removed successfully
    HKCR\CLSID\{e9cdb81a-6199-11e2-a440-4c80931bc762} => key not found. 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
    C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe => moved successfully
    Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
    Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
    Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
    Winsock: Catalog5-x64 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
    "HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
    "HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
    "HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
    HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found. 
    "HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
    "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.51.2" => key removed successfully
    C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll => moved successfully
    "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
    "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2" => key removed successfully
    C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll => moved successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.60.2" => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll => moved successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2" => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll => moved successfully
    HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value removed successfully
    C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => not found.
    C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
    C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
    C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll => not found.
    C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll => not found.
    C:\Users\Victoria\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll => not found.
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll => not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\khldgopgjjapmbkgflpoclebjjmkmbnk" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\khldgopgjjapmbkgflpoclebjjmkmbnk" => key removed successfully
    c2cautoupdatesvc => Service stopped successfully.
    c2cautoupdatesvc => service removed successfully
    c2cpnrsvc => Service stopped successfully.
    c2cpnrsvc => service removed successfully
    McComponentHostService => service removed successfully
    McMPFSvc => service removed successfully
    HipShieldK => service removed successfully
    C:\ProgramData\3yaBHEH.dat => moved successfully
    C:\ProgramData\d0071mYt.exe.b => moved successfully
    C:\ProgramData\d0071mYt.exe_.b => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\54E2.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\apjl1hrx.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\BingSvc.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\BSvcProcessor.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\BSvcUpdater.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\i5hys9_e.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\khkaqxcg.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\Quarantine.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\SkypeSetup.exe => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\t8vvo5hv.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\ukvjgfpn.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\z09kv1v7.dll => moved successfully
    C:\Users\Victoria\AppData\Local\Temp\_zgsxj8g.dll => moved successfully
    "HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
    "HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
    "HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
    "HKU\S-1-5-21-3409012477-161722196-2897755183-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DD051B3-4FFA-44A0-8462-92C333235766}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DD051B3-4FFA-44A0-8462-92C333235766}" => key removed successfully
    C:\Windows\System32\Tasks\{A75858B5-C700-4A69-8342-33B2E62FECF3} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A75858B5-C700-4A69-8342-33B2E62FECF3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20048800-671E-4F57-94F6-6F5CF391F751}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20048800-671E-4F57-94F6-6F5CF391F751}" => key removed successfully
    C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B5334FB-0A95-4EC0-954A-D8BB820F3476}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B5334FB-0A95-4EC0-954A-D8BB820F3476}" => key removed successfully
    C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A430948B-5148-4E12-8D48-27770036BE44}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A430948B-5148-4E12-8D48-27770036BE44}" => key removed successfully
    C:\Windows\System32\Tasks\SystemToolsDailyTest => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1A0C211-6E5D-4B64-96CF-AA7DC5AAB9D8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1A0C211-6E5D-4B64-96CF-AA7DC5AAB9D8}" => key removed successfully
    C:\Windows\System32\Tasks\{40DD8FD8-8B45-4A5E-BAB3-B1529E8D0E74} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{40DD8FD8-8B45-4A5E-BAB3-B1529E8D0E74}" => key removed successfully
    C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000Core.job => moved successfully
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409012477-161722196-2897755183-1000UA.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
    C:\Windows\Tasks\HP Photo Creations Communicator.job => moved successfully
    C:\Windows\Tasks\SDMsgUpdate (TE).job => moved successfully
    "C:\ProgramData\HaDBaVsVgnyPs.exe" => not found.
     
    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
     
    Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
     
    ========= End of CMD: =========
     
     
    ========= netsh winsock reset catalog =========
     
     
    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.
     
     
    ========= End of CMD: =========
     
     
    =========== EmptyTemp: ==========
     
    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 93840364 B
    Java, Flash, Steam htmlcache => 3145 B
    Windows/system/drivers => 455054408 B
    Edge => 0 B
    Chrome => 501703375 B
    Firefox => 358258178 B
    Opera => 0 B
     
    Temp, IE cache, history, cookies, recent:
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 18855115 B
    systemprofile32 => 424 B
    LocalService => 369712 B
    NetworkService => 365236 B
    Victoria => 1814789620 B
     
    RecycleBin => 2791214548 B
    EmptyTemp: => 5.6 GB temporary data Removed.
     
    ================================
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 00:05:36 ====

    • 0

    #12
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    So
    • 0

    #13
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    So I successfully downloaded
    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,019 posts
    • MVP

    ???  Are you having problems with ServicesRepair.exe?

     

    If so, just post a new FRST scan with Addition.txt checked.  I have a manual way of fixing the three services but it is more work.


    • 0

    #15
    vraskin

    vraskin

      Member

    • Topic Starter
    • Member
    • PipPip
    • 20 posts
    Srry for the above^ I'm writing through my phone. So I successfully downloaded the attached fixlist.txt and ran FRST and it generated the fix log which I attached in the previous post. However, the second part didn't go well. When I clicked on the ESET service repair link, my computer immediately started the download so I did not have the option to click 'save' and then 'extract all'. Furthermore, after completing the download, my computer blocked the file and the only thing I could click was 'dismiss'. There was no option to unblock it. And I looked online for a way to unblock it and I found this: https://blogs.msdn.m...downloadedfile/but my computer doesn't have that option under 'security' even though I have a Windows 7. I checked in some of the comments to see if anyone had a similar problem and someone who did suggested to download another program (I don't remember the name and can't check on my computer ATM since it's not responding, but it was something like fireball or fireewall 3.0) to create the option to unblock a download. So I went through this process trying to install the program. While it was installing, I thought I'd click on 'start' and type 'services repair.exe' to see if maybe it was downloaded successfully (because at first in my downloads it just came up as a blank file titled with a number- I can't tell you which number because my computer isn't working right now, but I'll get to that). While typing 'services repair.exe', I found a file called 'services.exe' so I clicked 'run as administrator' on that file (I probably shouldn't have). But it closed all my programs and restarted my computer. And again it took over 15 minutes to do so, and it wouldn't let me click on any applications at all. So I tried shutting it down and again it said that I would need to do a force shut down, however there were no applications open. The same thing happened a few times in the process of restarting my computer a few more times. I took some snapshots of my computer screen in the process. So now my computer won't start properly and I can't complete the instructions you sent. It's stuck in a loop of trying to start but then going back to the black screen with white text. I will try to post the snapshots in the next post.
    • 0






    Similar Topics


    Also tagged with one or more of these keywords: Dell Inspiron N4110, Dell, Inspiron, N4110, laptop, slow, malware, virus, spyware, Windows 7

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP