Author Topic: Hubbie's laptop is getting message "AOL not responding" "recover webpage"  (Read 9141 times)

0 Members and 1 Guest are viewing this topic.

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
It is not just AOL, it is just about any page that he is trying to look at after the initial page comes up.

Result of Security Analysis by Rocket Grannie (x86) Updated: 11th September, 2016
Running from:C:\Users\BB\Desktop (13:34:46 - 09/15/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
***-----------------Anti-Virus - Firewall-------------------***
avast! Antivirus (Enabled - Up to Date)
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin is not installed
Java (version 8.31.13)
Adobe Flash Player ActiveX (version 22.0.0.210)
Google Chrome -- An older version than (53) is installed.
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)
Windows Live Essentials -- An older version than (16.4) is installed.
Google Chrome (version 52.0.2743.116) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*

***----------------Analysis Complete-------------------------***


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by BB (administrator) on BB-PC (15-09-2016 11:03:44)
Running from C:\Users\BB\Desktop
Loaded Profiles: BB (Available Profiles: BB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_210_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2014-10-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-27] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3938814260-852461896-905972704-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-03-27] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65F2429E-28D4-41A7-AA3F-3150D74054DF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3938814260-852461896-905972704-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
HKU\S-1-5-21-3938814260-852461896-905972704-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3938814260-852461896-905972704-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3938814260-852461896-905972704-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-3938814260-852461896-905972704-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-05]
FF HKU\S-1-5-21-3938814260-852461896-905972704-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-27] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-27] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U4 eabfiltr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 11:03 - 2016-09-15 11:06 - 00015123 _____ C:\Users\BB\Desktop\FRST.txt
2016-09-15 10:38 - 2016-09-15 10:38 - 02398720 _____ (Farbar) C:\Users\BB\Desktop\FRST64.exe
2016-09-15 07:40 - 2016-09-15 07:40 - 00000000 ____D C:\Users\BB\AppData\Local\{DC45C1AA-02DA-4A99-84F1-1DC278024E63}
2016-09-14 07:32 - 2016-09-14 07:32 - 00000000 ____D C:\Users\BB\AppData\Local\{ABDB6DCD-520B-4019-87B2-4695F0DF9623}
2016-09-13 07:55 - 2016-09-13 07:55 - 00000000 ____D C:\Users\BB\AppData\Local\{654FFAFC-9A8C-4D65-9A0A-83EA6FE751AC}
2016-09-12 11:59 - 2016-09-12 12:00 - 00000000 ____D C:\Users\BB\AppData\Local\{96EBBF8C-B1DE-4D30-9475-FD6499D84993}
2016-09-11 07:43 - 2016-09-11 07:44 - 00000000 ____D C:\Users\BB\AppData\Local\{944006E0-33F4-4922-AFB8-DD53F81C91E5}
2016-09-10 09:28 - 2016-09-10 09:29 - 00000000 ____D C:\Users\BB\AppData\Local\{AD2E33B9-C2F6-40A0-8472-0F9D0A0610B8}
2016-09-09 08:00 - 2016-09-09 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{E662AFA4-3F5B-46B4-A130-EEDD0A2C667B}
2016-09-08 07:51 - 2016-09-08 07:51 - 00000000 ____D C:\Users\BB\AppData\Local\{4E1798D8-4053-405C-B8CC-EE2035FE8890}
2016-09-07 07:25 - 2016-09-07 07:25 - 00000000 ____D C:\Users\BB\AppData\Local\{65529E4E-13D2-4CEA-932D-1A37C2E35E93}
2016-09-06 08:00 - 2016-09-06 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{A8BAE66F-35CB-4946-83E1-2AE83365003D}
2016-09-05 07:36 - 2016-09-05 07:36 - 00000000 ____D C:\Users\BB\AppData\Local\{1E4C6E8B-46EF-449C-8251-54A40F724EA4}
2016-09-04 09:33 - 2016-09-04 09:33 - 00000000 ____D C:\Users\BB\AppData\Local\{5C0E0F57-D571-46DF-8D5E-3AD9C4529FA8}
2016-09-03 09:04 - 2016-09-03 09:04 - 00000000 ____D C:\Users\BB\AppData\Local\{2B1B416A-A4F3-4FC7-A889-375F0FA9C0F9}
2016-09-02 08:34 - 2016-09-02 08:35 - 00000000 ____D C:\Users\BB\AppData\Local\{EC0A2FB9-49EA-407A-9374-70B0257B0CCC}
2016-09-01 07:23 - 2016-09-01 07:23 - 00000000 ____D C:\Users\BB\AppData\Local\{84F76808-E3D4-48E4-AB8D-4C013C1E0E77}
2016-08-31 08:05 - 2016-08-31 08:05 - 00000000 ____D C:\Users\BB\AppData\Local\{B62816B2-6D6E-4CBC-948F-81928A441E0A}
2016-08-30 13:35 - 2016-08-30 13:35 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2016-08-30 08:45 - 2016-08-30 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{3A32E553-D754-49E7-A44A-DF7F18EF0034}
2016-08-29 07:30 - 2016-08-29 07:30 - 00000000 ____D C:\Users\BB\AppData\Local\{E24903AC-7068-4DFD-A500-EE5FE65E716F}
2016-08-28 08:46 - 2016-08-28 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{28DFE7D1-1ABA-423D-B8F6-B948BB93BC85}
2016-08-27 08:24 - 2016-08-27 08:24 - 00000000 ____D C:\Users\BB\AppData\Local\{BA88BCDE-8ABB-4D90-95E9-38D2F7B12023}
2016-08-26 08:22 - 2016-08-26 08:22 - 00000000 ____D C:\Users\BB\AppData\Local\{56DBEC03-38B7-4EFC-BD02-68B17D616C80}
2016-08-25 08:01 - 2016-08-25 08:01 - 00000000 ____D C:\Users\BB\AppData\Local\{01F39A48-2550-4F31-A16C-FAB2F8EEDECD}
2016-08-24 08:05 - 2016-08-24 08:06 - 00000000 ____D C:\Users\BB\AppData\Local\{DCE04C44-DCB5-4903-9925-19291124CF80}
2016-08-23 09:08 - 2016-08-23 09:09 - 00000000 ____D C:\Users\BB\AppData\Local\{9907C96F-8C70-456D-BE64-45138B35F13C}
2016-08-22 10:59 - 2016-08-22 11:00 - 00000000 ____D C:\Users\BB\AppData\Local\{1134D9EF-56A9-4078-BD1E-8291F936647F}
2016-08-21 10:17 - 2016-08-21 10:18 - 00000000 ____D C:\Users\BB\AppData\Local\{B5A889A6-9B90-4482-9D7D-667B552ADA53}
2016-08-20 08:03 - 2016-08-20 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{35B93A0B-0F47-499C-B1EE-D0C83452947A}
2016-08-19 08:25 - 2016-08-19 08:25 - 00000000 ____D C:\Users\BB\AppData\Local\{78508DFF-2652-43C0-8BA6-C7E7705DE255}
2016-08-18 20:23 - 2016-08-18 20:23 - 00000000 ____D C:\Users\BB\AppData\Local\{39822212-DD3A-4D35-9A75-C47C7BB0055F}
2016-08-18 08:08 - 2016-08-18 08:08 - 00000000 ____D C:\Users\BB\AppData\Local\{82364979-D5AA-4FC4-AC03-0B6639690AFB}
2016-08-17 08:03 - 2016-08-17 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{B220CD58-644F-47F2-A912-53CCAB9A7B68}
2016-08-16 07:38 - 2016-08-16 07:38 - 00000000 ____D C:\Users\BB\AppData\Local\{7D7BE30C-5910-4359-BC56-B525471E3D5F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 11:12 - 2012-06-27 14:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-15 11:05 - 2011-09-01 15:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 11:03 - 2016-04-22 11:20 - 00000000 ____D C:\FRST
2016-09-15 09:47 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-15 09:47 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-15 09:46 - 2015-05-14 10:41 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 09:38 - 2016-04-27 19:03 - 00000000 ____D C:\Users\BB\AppData\LocalLow\HPAppData
2016-09-15 09:30 - 2011-09-01 15:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 09:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-15 07:39 - 2014-02-15 11:53 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-14 12:06 - 2009-11-03 14:59 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05BBE4DA-FE77-4753-9ADE-D5462646F669}
2016-09-11 07:51 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-11 07:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-01 15:48 - 2009-07-14 00:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-26 15:01 - 2016-03-02 18:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2011-05-23 12:55 - 2011-06-27 12:40 - 0001854 _____ () C:\Users\BB\AppData\Roaming\GhostObjGAFix.xml
2011-09-11 13:49 - 2011-09-11 13:49 - 0024209 _____ () C:\Users\BB\AppData\Roaming\UserTile.png
2015-04-09 16:29 - 2015-04-09 16:30 - 0000104 _____ () C:\Users\BB\AppData\Roaming\wklnhst.dat
2009-10-28 07:56 - 2009-10-28 07:56 - 0000000 _____ () C:\Users\BB\AppData\Local\AtStart.txt
2009-10-28 07:56 - 2009-10-28 07:56 - 0000000 _____ () C:\Users\BB\AppData\Local\DSwitch.txt
2009-10-28 07:56 - 2009-10-28 07:56 - 0000000 _____ () C:\Users\BB\AppData\Local\QSwitch.txt
2009-09-01 03:48 - 2011-09-11 13:49 - 0001004 _____ () C:\ProgramData\hpqp.ini
2009-10-28 07:56 - 2014-05-14 15:46 - 0000187 _____ () C:\ProgramData\HPWALog.txt
2009-09-01 03:50 - 2009-09-01 03:50 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 10:00 - 2009-08-21 10:01 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-01 03:49 - 2009-09-01 03:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 09:54 - 2009-08-21 09:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-01 03:49 - 2009-09-01 03:49 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-01 03:50 - 2009-09-01 03:50 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 09:53 - 2009-08-21 09:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 09:56 - 2009-08-21 10:00 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-01 03:50 - 2009-09-01 03:50 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 08:05

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by BB (15-09-2016 11:21:14)
Running from C:\Users\BB\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2009-10-28 12:07:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3938814260-852461896-905972704-500 - Administrator - Disabled)
BB (S-1-5-21-3938814260-852461896-905972704-1000 - Administrator - Enabled) => C:\Users\BB
Guest (S-1-5-21-3938814260-852461896-905972704-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3938814260-852461896-905972704-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{6C47240C-016E-03B5-D13E-AECAED09F2E3}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Atlantis Quest 1.0 (HKLM-x32\...\Atlantis Quest_is1) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Big Fish Games Client (HKLM-x32\...\BFGC) (Version: 1.4.0.11 - )
ccc-core-static (x32 Version: 2009.0702.1239.20840 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Enchanted Cavern (HKLM-x32\...\BFG-Enchanted Cavern) (Version:  - )
FlextimePlayer1.0.3 For Win7 (HKLM-x32\...\{24452AEB-441B-4EA4-80B0-C739D1F0A228}) (Version: 1.0.14 - FlextimePlayer)
Galapago FREE (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116579967}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.0.6623 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Puzzle Odyssey (HKLM-x32\...\Puzzle Odyssey_is1) (Version:  - Games Of The Month)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09BB301E-8B99-4B68-84B4-873C14BCC7B3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {35BA0F6C-E3C2-45C6-8764-1A78746544EA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3938814260-852461896-905972704-1000
Task: {465AF7FB-00C9-40B1-933A-AE213F87AF9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-05] (Adobe Systems Incorporated)
Task: {4711E9AE-42B3-4A1B-BB90-50BB0ACF0597} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {83C39A7E-5921-4F24-B61F-C7CD699A5037} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {87F823D9-7484-4A18-9AD1-A1A2CD462E11} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {958A6193-280B-444B-BA36-A532A0218B1B} - System32\Tasks\{007938BD-9AA0-4190-A984-C0095A15EC9A} => pcalua.exe -a "C:\Users\BB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WY3GDRRI\avg_free_stb_all_2011_1204_cnet[1].exe" -d C:\Users\BB\Desktop
Task: {968CD506-EEFC-43E0-BE25-451A9523260A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {99D6FCFC-C3A1-41B9-B168-292F90AAD30C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {9B8E3ACF-F4DD-4098-9869-37F097126EB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A04B58D9-7DA9-4EED-81F2-60FBE0D384FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {C2D2CC65-B509-45E6-A3A0-A926E9A271BA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-05] (Avast Software s.r.o.)
Task: {C63324D5-7B5C-4D52-A5AF-7D946EF35E0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {DD36C6CF-A0D7-4F62-81E2-64C572ADE7A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EC2D3988-57A3-4E6A-9DAB-42EB962EE6F2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {F41DD27B-BD71-42F5-AD15-E280D89D3964} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-08-21 10:00 - 2009-01-21 13:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-03-27 09:42 - 2015-03-27 09:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-27 09:42 - 2015-03-27 09:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-15 07:41 - 2016-09-15 07:41 - 03085624 _____ () C:\Program Files\AVAST Software\Avast\defs\16091500\algo.dll
2015-03-27 09:42 - 2015-03-27 09:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3938814260-852461896-905972704-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: defragsvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A03860B8-4F7D-4E00-A7DD-839F00551E22}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{90572630-4067-48F5-B253-EF4122545829}] => (Allow) svchost.exe
FirewallRules: [{DB202359-A155-4D90-9147-5A7ACC7C65AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{8EA4A3B9-7CF1-4589-A1D4-CE3164337F0F}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QP.exe
FirewallRules: [{9DCE5CAA-16D3-4481-8815-84DA2470F745}] => (Allow) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
FirewallRules: [{98C2A049-BF9A-4A9E-BBB4-44873943E6DB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{DE674589-34DC-4168-A2F2-D5E4F60426A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0A9726EF-E238-46B6-84E5-E69A96F33E20}] => (Allow) LPort=2869
FirewallRules: [{EB5008AE-25DA-4053-8052-63E390E55E2A}] => (Allow) LPort=1900
FirewallRules: [{156463EB-901E-49F4-8975-B88619B685AA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{11E11922-37B4-4B13-BAD2-360C004EE144}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-05-2016 13:52:19 Windows Update
15-05-2016 10:10:32 Windows Update
15-05-2016 21:36:04 Windows Update
18-05-2016 07:12:50 Windows Update
24-05-2016 07:40:48 Windows Update
25-05-2016 15:54:18 Windows Update
31-05-2016 11:27:36 Windows Update
03-06-2016 21:05:32 avast! antivirus system restore point
03-06-2016 21:19:15 Windows Update
07-06-2016 08:17:12 Windows Update
14-06-2016 08:17:21 Windows Update
05-08-2016 06:56:40 avast! antivirus system restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2016 09:50:17 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (09/15/2016 09:43:05 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (09/15/2016 08:07:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c34

Start Time: 01d20f515ec2c5cf

Termination Time: 187

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/15/2016 08:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c90

Start Time: 01d20f50ec6771fa

Termination Time: 281

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/15/2016 07:58:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c64

Start Time: 01d20f50046eea1f

Termination Time: 187

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/15/2016 07:58:28 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (09/15/2016 07:51:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5ec

Start Time: 01d20f4ec4ed1fc5

Termination Time: 328

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/15/2016 07:43:18 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (09/14/2016 12:08:41 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (09/14/2016 12:08:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eec

Start Time: 01d20eaa5f35545d

Termination Time: 109

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (09/15/2016 09:45:18 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{65F2429E-28D4-41A7-AA3F-3150D74054DF}.
The backup browser is stopping.

Error: (09/15/2016 09:39:10 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/15/2016 07:46:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/15/2016 07:46:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/15/2016 07:46:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/15/2016 07:46:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/15/2016 07:46:21 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/14/2016 07:39:09 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/14/2016 07:39:09 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (09/14/2016 07:32:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor: AMD Sempron(tm) M100
Percentage of memory in use: 50%
Total physical RAM: 2812.2 MB
Available physical RAM: 1406.05 MB
Total Virtual: 5622.58 MB
Available Virtual: 3718.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.48 GB) (Free:159.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.19 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 068F0963)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #1 on: September 15, 2016, 11:23:29 PM »
Hi, Casi. 

Although list for FRST is long, I am not seeing anything there that should be resulting in "not responding".  Nonetheless, let's see if there is any improvement.

1.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: [Select]
start
CreateRestorePoint:
CloseProcesses:
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
U4 eabfiltr; no ImagePath
2016-09-15 07:40 - 2016-09-15 07:40 - 00000000 ____D C:\Users\BB\AppData\Local\{DC45C1AA-02DA-4A99-84F1-1DC278024E63}
2016-09-14 07:32 - 2016-09-14 07:32 - 00000000 ____D C:\Users\BB\AppData\Local\{ABDB6DCD-520B-4019-87B2-4695F0DF9623}
2016-09-13 07:55 - 2016-09-13 07:55 - 00000000 ____D C:\Users\BB\AppData\Local\{654FFAFC-9A8C-4D65-9A0A-83EA6FE751AC}
2016-09-12 11:59 - 2016-09-12 12:00 - 00000000 ____D C:\Users\BB\AppData\Local\{96EBBF8C-B1DE-4D30-9475-FD6499D84993}
2016-09-11 07:43 - 2016-09-11 07:44 - 00000000 ____D C:\Users\BB\AppData\Local\{944006E0-33F4-4922-AFB8-DD53F81C91E5}
2016-09-10 09:28 - 2016-09-10 09:29 - 00000000 ____D C:\Users\BB\AppData\Local\{AD2E33B9-C2F6-40A0-8472-0F9D0A0610B8}
2016-09-09 08:00 - 2016-09-09 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{E662AFA4-3F5B-46B4-A130-EEDD0A2C667B}
2016-09-08 07:51 - 2016-09-08 07:51 - 00000000 ____D C:\Users\BB\AppData\Local\{4E1798D8-4053-405C-B8CC-EE2035FE8890}
2016-09-07 07:25 - 2016-09-07 07:25 - 00000000 ____D C:\Users\BB\AppData\Local\{65529E4E-13D2-4CEA-932D-1A37C2E35E93}
2016-09-06 08:00 - 2016-09-06 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{A8BAE66F-35CB-4946-83E1-2AE83365003D}
2016-09-05 07:36 - 2016-09-05 07:36 - 00000000 ____D C:\Users\BB\AppData\Local\{1E4C6E8B-46EF-449C-8251-54A40F724EA4}
2016-09-04 09:33 - 2016-09-04 09:33 - 00000000 ____D C:\Users\BB\AppData\Local\{5C0E0F57-D571-46DF-8D5E-3AD9C4529FA8}
2016-09-03 09:04 - 2016-09-03 09:04 - 00000000 ____D C:\Users\BB\AppData\Local\{2B1B416A-A4F3-4FC7-A889-375F0FA9C0F9}
2016-09-02 08:34 - 2016-09-02 08:35 - 00000000 ____D C:\Users\BB\AppData\Local\{EC0A2FB9-49EA-407A-9374-70B0257B0CCC}
2016-09-01 07:23 - 2016-09-01 07:23 - 00000000 ____D C:\Users\BB\AppData\Local\{84F76808-E3D4-48E4-AB8D-4C013C1E0E77}
2016-08-31 08:05 - 2016-08-31 08:05 - 00000000 ____D C:\Users\BB\AppData\Local\{B62816B2-6D6E-4CBC-948F-81928A441E0A}
2016-08-30 08:45 - 2016-08-30 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{3A32E553-D754-49E7-A44A-DF7F18EF0034}
2016-08-29 07:30 - 2016-08-29 07:30 - 00000000 ____D C:\Users\BB\AppData\Local\{E24903AC-7068-4DFD-A500-EE5FE65E716F}
2016-08-28 08:46 - 2016-08-28 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{28DFE7D1-1ABA-423D-B8F6-B948BB93BC85}
2016-08-27 08:24 - 2016-08-27 08:24 - 00000000 ____D C:\Users\BB\AppData\Local\{BA88BCDE-8ABB-4D90-95E9-38D2F7B12023}
2016-08-26 08:22 - 2016-08-26 08:22 - 00000000 ____D C:\Users\BB\AppData\Local\{56DBEC03-38B7-4EFC-BD02-68B17D616C80}
2016-08-25 08:01 - 2016-08-25 08:01 - 00000000 ____D C:\Users\BB\AppData\Local\{01F39A48-2550-4F31-A16C-FAB2F8EEDECD}
2016-08-24 08:05 - 2016-08-24 08:06 - 00000000 ____D C:\Users\BB\AppData\Local\{DCE04C44-DCB5-4903-9925-19291124CF80}
2016-08-23 09:08 - 2016-08-23 09:09 - 00000000 ____D C:\Users\BB\AppData\Local\{9907C96F-8C70-456D-BE64-45138B35F13C}
2016-08-22 10:59 - 2016-08-22 11:00 - 00000000 ____D C:\Users\BB\AppData\Local\{1134D9EF-56A9-4078-BD1E-8291F936647F}
2016-08-21 10:17 - 2016-08-21 10:18 - 00000000 ____D C:\Users\BB\AppData\Local\{B5A889A6-9B90-4482-9D7D-667B552ADA53}
2016-08-20 08:03 - 2016-08-20 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{35B93A0B-0F47-499C-B1EE-D0C83452947A}
2016-08-19 08:25 - 2016-08-19 08:25 - 00000000 ____D C:\Users\BB\AppData\Local\{78508DFF-2652-43C0-8BA6-C7E7705DE255}
2016-08-18 20:23 - 2016-08-18 20:23 - 00000000 ____D C:\Users\BB\AppData\Local\{39822212-DD3A-4D35-9A75-C47C7BB0055F}
2016-08-18 08:08 - 2016-08-18 08:08 - 00000000 ____D C:\Users\BB\AppData\Local\{82364979-D5AA-4FC4-AC03-0B6639690AFB}
2016-08-17 08:03 - 2016-08-17 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{B220CD58-644F-47F2-A912-53CCAB9A7B68}
2016-08-16 07:38 - 2016-08-16 07:38 - 00000000 ____D C:\Users\BB\AppData\Local\{7D7BE30C-5910-4359-BC56-B525471E3D5F}
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

2.  Please download AdwCleaner by Xplode and save to your Desktop.
  • Right-click on AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin.  Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

3.  Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #2 on: September 16, 2016, 01:25:38 AM »
Corrine, I am having problems.  For some reason I am having trouble with the first step.  I think I did it right but I can't find the right file to send back in reply.

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #3 on: September 16, 2016, 01:51:37 PM »
You should see FRST.txt on the desktop (C:\Users\BB\Desktop).  Minimize all open windows and see if it is there. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #4 on: September 16, 2016, 10:31:47 PM »
I don't, so I must have done it wrong.  There is FRST.....FRST-Olderversion.....SALog and Addition....and RGSA.


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #5 on: September 16, 2016, 10:44:22 PM »
It should be in FRST.  Do you have the FRST.txt that you created and is it located in the FRST folder?  If not, either move it there or create a new FRST.txt and try again.  :)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #6 on: September 16, 2016, 10:58:34 PM »
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by BB (administrator) on BB-PC (15-09-2016 11:03:44)
Running from C:\Users\BB\Desktop
Loaded Profiles: BB (Available Profiles: BB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_22_0_0_210_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2014-10-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-27] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3938814260-852461896-905972704-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-03-27] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65F2429E-28D4-41A7-AA3F-3150D74054DF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C8E15F36-B437-49E3-8F09-91FD6B334AB8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3938814260-852461896-905972704-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
HKU\S-1-5-21-3938814260-852461896-905972704-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3938814260-852461896-905972704-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D870C61B-DDD8-4C25-8692-9728BDBCDE59} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3938814260-852461896-905972704-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-27] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-27] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-3938814260-852461896-905972704-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-05]
FF HKU\S-1-5-21-3938814260-852461896-905972704-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-27] (Avast Software s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-27] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U4 eabfiltr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 11:03 - 2016-09-15 11:06 - 00015123 _____ C:\Users\BB\Desktop\FRST.txt
2016-09-15 10:38 - 2016-09-15 10:38 - 02398720 _____ (Farbar) C:\Users\BB\Desktop\FRST64.exe
2016-09-15 07:40 - 2016-09-15 07:40 - 00000000 ____D C:\Users\BB\AppData\Local\{DC45C1AA-02DA-4A99-84F1-1DC278024E63}
2016-09-14 07:32 - 2016-09-14 07:32 - 00000000 ____D C:\Users\BB\AppData\Local\{ABDB6DCD-520B-4019-87B2-4695F0DF9623}
2016-09-13 07:55 - 2016-09-13 07:55 - 00000000 ____D C:\Users\BB\AppData\Local\{654FFAFC-9A8C-4D65-9A0A-83EA6FE751AC}
2016-09-12 11:59 - 2016-09-12 12:00 - 00000000 ____D C:\Users\BB\AppData\Local\{96EBBF8C-B1DE-4D30-9475-FD6499D84993}
2016-09-11 07:43 - 2016-09-11 07:44 - 00000000 ____D C:\Users\BB\AppData\Local\{944006E0-33F4-4922-AFB8-DD53F81C91E5}
2016-09-10 09:28 - 2016-09-10 09:29 - 00000000 ____D C:\Users\BB\AppData\Local\{AD2E33B9-C2F6-40A0-8472-0F9D0A0610B8}
2016-09-09 08:00 - 2016-09-09 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{E662AFA4-3F5B-46B4-A130-EEDD0A2C667B}
2016-09-08 07:51 - 2016-09-08 07:51 - 00000000 ____D C:\Users\BB\AppData\Local\{4E1798D8-4053-405C-B8CC-EE2035FE8890}
2016-09-07 07:25 - 2016-09-07 07:25 - 00000000 ____D C:\Users\BB\AppData\Local\{65529E4E-13D2-4CEA-932D-1A37C2E35E93}
2016-09-06 08:00 - 2016-09-06 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{A8BAE66F-35CB-4946-83E1-2AE83365003D}
2016-09-05 07:36 - 2016-09-05 07:36 - 00000000 ____D C:\Users\BB\AppData\Local\{1E4C6E8B-46EF-449C-8251-54A40F724EA4}
2016-09-04 09:33 - 2016-09-04 09:33 - 00000000 ____D C:\Users\BB\AppData\Local\{5C0E0F57-D571-46DF-8D5E-3AD9C4529FA8}
2016-09-03 09:04 - 2016-09-03 09:04 - 00000000 ____D C:\Users\BB\AppData\Local\{2B1B416A-A4F3-4FC7-A889-375F0FA9C0F9}
2016-09-02 08:34 - 2016-09-02 08:35 - 00000000 ____D C:\Users\BB\AppData\Local\{EC0A2FB9-49EA-407A-9374-70B0257B0CCC}
2016-09-01 07:23 - 2016-09-01 07:23 - 00000000 ____D C:\Users\BB\AppData\Local\{84F76808-E3D4-48E4-AB8D-4C013C1E0E77}
2016-08-31 08:05 - 2016-08-31 08:05 - 00000000 ____D C:\Users\BB\AppData\Local\{B62816B2-6D6E-4CBC-948F-81928A441E0A}
2016-08-30 13:35 - 2016-08-30 13:35 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2016-08-30 08:45 - 2016-08-30 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{3A32E553-D754-49E7-A44A-DF7F18EF0034}
2016-08-29 07:30 - 2016-08-29 07:30 - 00000000 ____D C:\Users\BB\AppData\Local\{E24903AC-7068-4DFD-A500-EE5FE65E716F}
2016-08-28 08:46 - 2016-08-28 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{28DFE7D1-1ABA-423D-B8F6-B948BB93BC85}
2016-08-27 08:24 - 2016-08-27 08:24 - 00000000 ____D C:\Users\BB\AppData\Local\{BA88BCDE-8ABB-4D90-95E9-38D2F7B12023}
2016-08-26 08:22 - 2016-08-26 08:22 - 00000000 ____D C:\Users\BB\AppData\Local\{56DBEC03-38B7-4EFC-BD02-68B17D616C80}
2016-08-25 08:01 - 2016-08-25 08:01 - 00000000 ____D C:\Users\BB\AppData\Local\{01F39A48-2550-4F31-A16C-FAB2F8EEDECD}
2016-08-24 08:05 - 2016-08-24 08:06 - 00000000 ____D C:\Users\BB\AppData\Local\{DCE04C44-DCB5-4903-9925-19291124CF80}
2016-08-23 09:08 - 2016-08-23 09:09 - 00000000 ____D C:\Users\BB\AppData\Local\{9907C96F-8C70-456D-BE64-45138B35F13C}
2016-08-22 10:59 - 2016-08-22 11:00 - 00000000 ____D C:\Users\BB\AppData\Local\{1134D9EF-56A9-4078-BD1E-8291F936647F}
2016-08-21 10:17 - 2016-08-21 10:18 - 00000000 ____D C:\Users\BB\AppData\Local\{B5A889A6-9B90-4482-9D7D-667B552ADA53}
2016-08-20 08:03 - 2016-08-20 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{35B93A0B-0F47-499C-B1EE-D0C83452947A}
2016-08-19 08:25 - 2016-08-19 08:25 - 00000000 ____D C:\Users\BB\AppData\Local\{78508DFF-2652-43C0-8BA6-C7E7705DE255}
2016-08-18 20:23 - 2016-08-18 20:23 - 00000000 ____D C:\Users\BB\AppData\Local\{39822212-DD3A-4D35-9A75-C47C7BB0055F}
2016-08-18 08:08 - 2016-08-18 08:08 - 00000000 ____D C:\Users\BB\AppData\Local\{82364979-D5AA-4FC4-AC03-0B6639690AFB}
2016-08-17 08:03 - 2016-08-17 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{B220CD58-644F-47F2-A912-53CCAB9A7B68}
2016-08-16 07:38 - 2016-08-16 07:38 - 00000000 ____D C:\Users\BB\AppData\Local\{7D7BE30C-5910-4359-BC56-B525471E3D5F}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-15 11:12 - 2012-06-27 14:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-15 11:05 - 2011-09-01 15:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 11:03 - 2016-04-22 11:20 - 00000000 ____D C:\FRST
2016-09-15 09:47 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-15 09:47 - 2009-07-13 23:45 - 00026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-15 09:46 - 2015-05-14 10:41 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 09:38 - 2016-04-27 19:03 - 00000000 ____D C:\Users\BB\AppData\LocalLow\HPAppData
2016-09-15 09:30 - 2011-09-01 15:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 09:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-15 07:39 - 2014-02-15 11:53 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-14 12:06 - 2009-11-03 14:59 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{05BBE4DA-FE77-4753-9ADE-D5462646F669}
2016-09-11 07:51 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-11 07:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-09-01 15:48 - 2009-07-14 00:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-26 15:01 - 2016-03-02 18:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2011-05-23 12:55 - 2011-06-27 12:40 - 0001854 _____ () C:\Users\BB\AppData\Roaming\GhostObjGAFix.xml
2011-09-11 13:49 - 2011-09-11 13:49 - 0024209 _____ () C:\Users\BB\AppData\Roaming\UserTile.png
2015-04-09 16:29 - 2015-04-09 16:30 - 0000104 _____ () C:\Users\BB\AppData\Roaming\wklnhst.dat
2009-10-28 07:56 - 2009-10-28 07:56 - 0000000 _____ () C:\Users\BB\AppData\Local\AtStart.txt
2009-10-28 07:56 - 2009-10-28 07:56 - 0000000 _____ () C:\Users\BB\AppData\Local\DSwitch.txt
2009-10-28 07:56 - 2009-10-28 07:56 - 0000000 _____ () C:\Users\BB\AppData\Local\QSwitch.txt
2009-09-01 03:48 - 2011-09-11 13:49 - 0001004 _____ () C:\ProgramData\hpqp.ini
2009-10-28 07:56 - 2014-05-14 15:46 - 0000187 _____ () C:\ProgramData\HPWALog.txt
2009-09-01 03:50 - 2009-09-01 03:50 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2009-08-21 10:00 - 2009-08-21 10:01 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-09-01 03:49 - 2009-09-01 03:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2009-08-21 09:54 - 2009-08-21 09:56 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-09-01 03:49 - 2009-09-01 03:49 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2009-09-01 03:50 - 2009-09-01 03:50 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2009-08-21 09:53 - 2009-08-21 09:54 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-08-21 09:56 - 2009-08-21 10:00 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2009-09-01 03:50 - 2009-09-01 03:50 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 08:05

==================== End of FRST.txt ============================

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #7 on: September 16, 2016, 11:06:00 PM »
WAs that it?  Did I do it?

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #8 on: September 16, 2016, 11:54:49 PM »
I ran the adware cleaner.  I copied the logfile and opened up IE to come to this site to post results...feeling pretty good cause adware cleaner said that took care of 14 threats.  Message came up "AOL not responding"...recover webpage?  grrrrrr

# AdwCleaner v6.020 - Logfile created 16/09/2016 at 19:39:47
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-16.3 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : BB - BB-PC
# Running from : C:\Users\BB\Desktop\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\BB\AppData\LocalLow\HPAppData


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3938814260-852461896-905972704-1000\Products\363FB0CBBA367FF4E81FEAD0F717B142
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3938814260-852461896-905972704-1000\Products\1B05AC800F890744BBC65B0D8B2CE8CF
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dailyrecipeguide.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.aol.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\totalrecipesearch.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dailyrecipeguide.dl.myway.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.aol.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\totalrecipesearch.dl.myway.com
  • Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com



***** [ Web browsers ] *****

[!] [aol.com] [Search ProviderWeb data] not deleted:
[!] [ask.com] [Search ProviderWeb data] not deleted:


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3764 Bytes] - [27/04/2016 18:58:25]
C:\AdwCleaner\AdwCleaner[C2].txt - [2667 Bytes] - [16/09/2016 19:39:47]
C:\AdwCleaner\AdwCleaner[R0].txt - [9186 Bytes] - [24/08/2014 17:45:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [8669 Bytes] - [24/08/2014 17:55:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [3340 Bytes] - [27/04/2016 12:00:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [3413 Bytes] - [27/04/2016 12:06:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [3515 Bytes] - [27/04/2016 18:55:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [3294 Bytes] - [16/09/2016 19:34:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3178 Bytes] ##########

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #9 on: September 17, 2016, 01:26:00 AM »
I have Junkware Removal Tool running on hubbie's lap top.  It has been on for a couple of hours now and I don't think it is doing anything.  It created a restore point...SUCCESS, then in has 6 lines, the last one say browsers.  I have AVAST  free antivirus and maybe I didn't disable it correctly.  I don't really see anything other that in "tools" I turned "off" Home Network Security.  Is that okay?

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #10 on: September 17, 2016, 01:39:20 PM »
WAs that it?  Did I do it?

Sorry, Casi, no.  That was a fresh scan with FRST.  In part from the instructions above:

  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: [Select]
start
CreateRestorePoint:
CloseProcesses:
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
U4 eabfiltr; no ImagePath
2016-09-15 07:40 - 2016-09-15 07:40 - 00000000 ____D C:\Users\BB\AppData\Local\{DC45C1AA-02DA-4A99-84F1-1DC278024E63}
2016-09-14 07:32 - 2016-09-14 07:32 - 00000000 ____D C:\Users\BB\AppData\Local\{ABDB6DCD-520B-4019-87B2-4695F0DF9623}
2016-09-13 07:55 - 2016-09-13 07:55 - 00000000 ____D C:\Users\BB\AppData\Local\{654FFAFC-9A8C-4D65-9A0A-83EA6FE751AC}
2016-09-12 11:59 - 2016-09-12 12:00 - 00000000 ____D C:\Users\BB\AppData\Local\{96EBBF8C-B1DE-4D30-9475-FD6499D84993}
2016-09-11 07:43 - 2016-09-11 07:44 - 00000000 ____D C:\Users\BB\AppData\Local\{944006E0-33F4-4922-AFB8-DD53F81C91E5}
2016-09-10 09:28 - 2016-09-10 09:29 - 00000000 ____D C:\Users\BB\AppData\Local\{AD2E33B9-C2F6-40A0-8472-0F9D0A0610B8}
2016-09-09 08:00 - 2016-09-09 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{E662AFA4-3F5B-46B4-A130-EEDD0A2C667B}
2016-09-08 07:51 - 2016-09-08 07:51 - 00000000 ____D C:\Users\BB\AppData\Local\{4E1798D8-4053-405C-B8CC-EE2035FE8890}
2016-09-07 07:25 - 2016-09-07 07:25 - 00000000 ____D C:\Users\BB\AppData\Local\{65529E4E-13D2-4CEA-932D-1A37C2E35E93}
2016-09-06 08:00 - 2016-09-06 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{A8BAE66F-35CB-4946-83E1-2AE83365003D}
2016-09-05 07:36 - 2016-09-05 07:36 - 00000000 ____D C:\Users\BB\AppData\Local\{1E4C6E8B-46EF-449C-8251-54A40F724EA4}
2016-09-04 09:33 - 2016-09-04 09:33 - 00000000 ____D C:\Users\BB\AppData\Local\{5C0E0F57-D571-46DF-8D5E-3AD9C4529FA8}
2016-09-03 09:04 - 2016-09-03 09:04 - 00000000 ____D C:\Users\BB\AppData\Local\{2B1B416A-A4F3-4FC7-A889-375F0FA9C0F9}
2016-09-02 08:34 - 2016-09-02 08:35 - 00000000 ____D C:\Users\BB\AppData\Local\{EC0A2FB9-49EA-407A-9374-70B0257B0CCC}
2016-09-01 07:23 - 2016-09-01 07:23 - 00000000 ____D C:\Users\BB\AppData\Local\{84F76808-E3D4-48E4-AB8D-4C013C1E0E77}
2016-08-31 08:05 - 2016-08-31 08:05 - 00000000 ____D C:\Users\BB\AppData\Local\{B62816B2-6D6E-4CBC-948F-81928A441E0A}
2016-08-30 08:45 - 2016-08-30 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{3A32E553-D754-49E7-A44A-DF7F18EF0034}
2016-08-29 07:30 - 2016-08-29 07:30 - 00000000 ____D C:\Users\BB\AppData\Local\{E24903AC-7068-4DFD-A500-EE5FE65E716F}
2016-08-28 08:46 - 2016-08-28 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{28DFE7D1-1ABA-423D-B8F6-B948BB93BC85}
2016-08-27 08:24 - 2016-08-27 08:24 - 00000000 ____D C:\Users\BB\AppData\Local\{BA88BCDE-8ABB-4D90-95E9-38D2F7B12023}
2016-08-26 08:22 - 2016-08-26 08:22 - 00000000 ____D C:\Users\BB\AppData\Local\{56DBEC03-38B7-4EFC-BD02-68B17D616C80}
2016-08-25 08:01 - 2016-08-25 08:01 - 00000000 ____D C:\Users\BB\AppData\Local\{01F39A48-2550-4F31-A16C-FAB2F8EEDECD}
2016-08-24 08:05 - 2016-08-24 08:06 - 00000000 ____D C:\Users\BB\AppData\Local\{DCE04C44-DCB5-4903-9925-19291124CF80}
2016-08-23 09:08 - 2016-08-23 09:09 - 00000000 ____D C:\Users\BB\AppData\Local\{9907C96F-8C70-456D-BE64-45138B35F13C}
2016-08-22 10:59 - 2016-08-22 11:00 - 00000000 ____D C:\Users\BB\AppData\Local\{1134D9EF-56A9-4078-BD1E-8291F936647F}
2016-08-21 10:17 - 2016-08-21 10:18 - 00000000 ____D C:\Users\BB\AppData\Local\{B5A889A6-9B90-4482-9D7D-667B552ADA53}
2016-08-20 08:03 - 2016-08-20 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{35B93A0B-0F47-499C-B1EE-D0C83452947A}
2016-08-19 08:25 - 2016-08-19 08:25 - 00000000 ____D C:\Users\BB\AppData\Local\{78508DFF-2652-43C0-8BA6-C7E7705DE255}
2016-08-18 20:23 - 2016-08-18 20:23 - 00000000 ____D C:\Users\BB\AppData\Local\{39822212-DD3A-4D35-9A75-C47C7BB0055F}
2016-08-18 08:08 - 2016-08-18 08:08 - 00000000 ____D C:\Users\BB\AppData\Local\{82364979-D5AA-4FC4-AC03-0B6639690AFB}
2016-08-17 08:03 - 2016-08-17 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{B220CD58-644F-47F2-A912-53CCAB9A7B68}
2016-08-16 07:38 - 2016-08-16 07:38 - 00000000 ____D C:\Users\BB\AppData\Local\{7D7BE30C-5910-4359-BC56-B525471E3D5F}
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt

Go ahead and cancel JRT (Junware Removal Tool) and, instead, run an MBAM threat scan:
  • Open Malwarebytes Anti-Malware and on the Dashboard click Update Now.
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs (Export log to save as txt):
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Copy/paste that saved log to your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #11 on: September 17, 2016, 08:22:56 PM »
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/17/2016
Scan Time: 3:42 PM
Logfile: Malewares scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.17.07
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: BB

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320249
Time Elapsed: 26 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #12 on: September 17, 2016, 08:24:58 PM »
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by BB (17-09-2016 15:00:51) Run:2
Running from C:\Users\BB\Desktop
Loaded Profiles: BB (Available Profiles: BB)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start
CreateRestorePoint:
CloseProcesses:
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.5) - C:\Windows\SysWOW64\npdeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
U4 eabfiltr; no ImagePath
2016-09-15 07:40 - 2016-09-15 07:40 - 00000000 ____D C:\Users\BB\AppData\Local\{DC45C1AA-02DA-4A99-84F1-1DC278024E63}
2016-09-14 07:32 - 2016-09-14 07:32 - 00000000 ____D C:\Users\BB\AppData\Local\{ABDB6DCD-520B-4019-87B2-4695F0DF9623}
2016-09-13 07:55 - 2016-09-13 07:55 - 00000000 ____D C:\Users\BB\AppData\Local\{654FFAFC-9A8C-4D65-9A0A-83EA6FE751AC}
2016-09-12 11:59 - 2016-09-12 12:00 - 00000000 ____D C:\Users\BB\AppData\Local\{96EBBF8C-B1DE-4D30-9475-FD6499D84993}
2016-09-11 07:43 - 2016-09-11 07:44 - 00000000 ____D C:\Users\BB\AppData\Local\{944006E0-33F4-4922-AFB8-DD53F81C91E5}
2016-09-10 09:28 - 2016-09-10 09:29 - 00000000 ____D C:\Users\BB\AppData\Local\{AD2E33B9-C2F6-40A0-8472-0F9D0A0610B8}
2016-09-09 08:00 - 2016-09-09 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{E662AFA4-3F5B-46B4-A130-EEDD0A2C667B}
2016-09-08 07:51 - 2016-09-08 07:51 - 00000000 ____D C:\Users\BB\AppData\Local\{4E1798D8-4053-405C-B8CC-EE2035FE8890}
2016-09-07 07:25 - 2016-09-07 07:25 - 00000000 ____D C:\Users\BB\AppData\Local\{65529E4E-13D2-4CEA-932D-1A37C2E35E93}
2016-09-06 08:00 - 2016-09-06 08:00 - 00000000 ____D C:\Users\BB\AppData\Local\{A8BAE66F-35CB-4946-83E1-2AE83365003D}
2016-09-05 07:36 - 2016-09-05 07:36 - 00000000 ____D C:\Users\BB\AppData\Local\{1E4C6E8B-46EF-449C-8251-54A40F724EA4}
2016-09-04 09:33 - 2016-09-04 09:33 - 00000000 ____D C:\Users\BB\AppData\Local\{5C0E0F57-D571-46DF-8D5E-3AD9C4529FA8}
2016-09-03 09:04 - 2016-09-03 09:04 - 00000000 ____D C:\Users\BB\AppData\Local\{2B1B416A-A4F3-4FC7-A889-375F0FA9C0F9}
2016-09-02 08:34 - 2016-09-02 08:35 - 00000000 ____D C:\Users\BB\AppData\Local\{EC0A2FB9-49EA-407A-9374-70B0257B0CCC}
2016-09-01 07:23 - 2016-09-01 07:23 - 00000000 ____D C:\Users\BB\AppData\Local\{84F76808-E3D4-48E4-AB8D-4C013C1E0E77}
2016-08-31 08:05 - 2016-08-31 08:05 - 00000000 ____D C:\Users\BB\AppData\Local\{B62816B2-6D6E-4CBC-948F-81928A441E0A}
2016-08-30 08:45 - 2016-08-30 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{3A32E553-D754-49E7-A44A-DF7F18EF0034}
2016-08-29 07:30 - 2016-08-29 07:30 - 00000000 ____D C:\Users\BB\AppData\Local\{E24903AC-7068-4DFD-A500-EE5FE65E716F}
2016-08-28 08:46 - 2016-08-28 08:46 - 00000000 ____D C:\Users\BB\AppData\Local\{28DFE7D1-1ABA-423D-B8F6-B948BB93BC85}
2016-08-27 08:24 - 2016-08-27 08:24 - 00000000 ____D C:\Users\BB\AppData\Local\{BA88BCDE-8ABB-4D90-95E9-38D2F7B12023}
2016-08-26 08:22 - 2016-08-26 08:22 - 00000000 ____D C:\Users\BB\AppData\Local\{56DBEC03-38B7-4EFC-BD02-68B17D616C80}
2016-08-25 08:01 - 2016-08-25 08:01 - 00000000 ____D C:\Users\BB\AppData\Local\{01F39A48-2550-4F31-A16C-FAB2F8EEDECD}
2016-08-24 08:05 - 2016-08-24 08:06 - 00000000 ____D C:\Users\BB\AppData\Local\{DCE04C44-DCB5-4903-9925-19291124CF80}
2016-08-23 09:08 - 2016-08-23 09:09 - 00000000 ____D C:\Users\BB\AppData\Local\{9907C96F-8C70-456D-BE64-45138B35F13C}
2016-08-22 10:59 - 2016-08-22 11:00 - 00000000 ____D C:\Users\BB\AppData\Local\{1134D9EF-56A9-4078-BD1E-8291F936647F}
2016-08-21 10:17 - 2016-08-21 10:18 - 00000000 ____D C:\Users\BB\AppData\Local\{B5A889A6-9B90-4482-9D7D-667B552ADA53}
2016-08-20 08:03 - 2016-08-20 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{35B93A0B-0F47-499C-B1EE-D0C83452947A}
2016-08-19 08:25 - 2016-08-19 08:25 - 00000000 ____D C:\Users\BB\AppData\Local\{78508DFF-2652-43C0-8BA6-C7E7705DE255}
2016-08-18 20:23 - 2016-08-18 20:23 - 00000000 ____D C:\Users\BB\AppData\Local\{39822212-DD3A-4D35-9A75-C47C7BB0055F}
2016-08-18 08:08 - 2016-08-18 08:08 - 00000000 ____D C:\Users\BB\AppData\Local\{82364979-D5AA-4FC4-AC03-0B6639690AFB}
2016-08-17 08:03 - 2016-08-17 08:04 - 00000000 ____D C:\Users\BB\AppData\Local\{B220CD58-644F-47F2-A912-53CCAB9A7B68}
2016-08-16 07:38 - 2016-08-16 07:38 - 00000000 ____D C:\Users\BB\AppData\Local\{7D7BE30C-5910-4359-BC56-B525471E3D5F}
EmptyTemp:
end


*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Windows\SysWOW64\npdeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
eabfiltr => service removed successfully
"C:\Users\BB\AppData\Local\{DC45C1AA-02DA-4A99-84F1-1DC278024E63}" => not found.
"C:\Users\BB\AppData\Local\{ABDB6DCD-520B-4019-87B2-4695F0DF9623}" => not found.
"C:\Users\BB\AppData\Local\{654FFAFC-9A8C-4D65-9A0A-83EA6FE751AC}" => not found.
"C:\Users\BB\AppData\Local\{96EBBF8C-B1DE-4D30-9475-FD6499D84993}" => not found.
"C:\Users\BB\AppData\Local\{944006E0-33F4-4922-AFB8-DD53F81C91E5}" => not found.
"C:\Users\BB\AppData\Local\{AD2E33B9-C2F6-40A0-8472-0F9D0A0610B8}" => not found.
"C:\Users\BB\AppData\Local\{E662AFA4-3F5B-46B4-A130-EEDD0A2C667B}" => not found.
"C:\Users\BB\AppData\Local\{4E1798D8-4053-405C-B8CC-EE2035FE8890}" => not found.
"C:\Users\BB\AppData\Local\{65529E4E-13D2-4CEA-932D-1A37C2E35E93}" => not found.
"C:\Users\BB\AppData\Local\{A8BAE66F-35CB-4946-83E1-2AE83365003D}" => not found.
"C:\Users\BB\AppData\Local\{1E4C6E8B-46EF-449C-8251-54A40F724EA4}" => not found.
"C:\Users\BB\AppData\Local\{5C0E0F57-D571-46DF-8D5E-3AD9C4529FA8}" => not found.
"C:\Users\BB\AppData\Local\{2B1B416A-A4F3-4FC7-A889-375F0FA9C0F9}" => not found.
"C:\Users\BB\AppData\Local\{EC0A2FB9-49EA-407A-9374-70B0257B0CCC}" => not found.
"C:\Users\BB\AppData\Local\{84F76808-E3D4-48E4-AB8D-4C013C1E0E77}" => not found.
"C:\Users\BB\AppData\Local\{B62816B2-6D6E-4CBC-948F-81928A441E0A}" => not found.
"C:\Users\BB\AppData\Local\{3A32E553-D754-49E7-A44A-DF7F18EF0034}" => not found.
"C:\Users\BB\AppData\Local\{E24903AC-7068-4DFD-A500-EE5FE65E716F}" => not found.
"C:\Users\BB\AppData\Local\{28DFE7D1-1ABA-423D-B8F6-B948BB93BC85}" => not found.
"C:\Users\BB\AppData\Local\{BA88BCDE-8ABB-4D90-95E9-38D2F7B12023}" => not found.
"C:\Users\BB\AppData\Local\{56DBEC03-38B7-4EFC-BD02-68B17D616C80}" => not found.
"C:\Users\BB\AppData\Local\{01F39A48-2550-4F31-A16C-FAB2F8EEDECD}" => not found.
"C:\Users\BB\AppData\Local\{DCE04C44-DCB5-4903-9925-19291124CF80}" => not found.
"C:\Users\BB\AppData\Local\{9907C96F-8C70-456D-BE64-45138B35F13C}" => not found.
"C:\Users\BB\AppData\Local\{1134D9EF-56A9-4078-BD1E-8291F936647F}" => not found.
"C:\Users\BB\AppData\Local\{B5A889A6-9B90-4482-9D7D-667B552ADA53}" => not found.
"C:\Users\BB\AppData\Local\{35B93A0B-0F47-499C-B1EE-D0C83452947A}" => not found.
"C:\Users\BB\AppData\Local\{78508DFF-2652-43C0-8BA6-C7E7705DE255}" => not found.
"C:\Users\BB\AppData\Local\{39822212-DD3A-4D35-9A75-C47C7BB0055F}" => not found.
"C:\Users\BB\AppData\Local\{82364979-D5AA-4FC4-AC03-0B6639690AFB}" => not found.
"C:\Users\BB\AppData\Local\{B220CD58-644F-47F2-A912-53CCAB9A7B68}" => not found.
"C:\Users\BB\AppData\Local\{7D7BE30C-5910-4359-BC56-B525471E3D5F}" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37739780 B
Java, Flash, Steam htmlcache => 11944 B
Windows/system/drivers => 853381371 B
Edge => 0 B
Chrome => 27697208 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 23654 B
BB => 735508771 B

RecycleBin => 8910228 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:06:18 ====

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20208
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #13 on: September 17, 2016, 09:21:31 PM »
It appears that the fix I had posted was run before, just that the log wasn't located. 

Did this make a difference?



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Casi

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Re: Hubbie's laptop is getting message "AOL not responding" "recover webpage"
« Reply #14 on: September 17, 2016, 10:50:02 PM »
No :-[,
I thought sure that it would but tonite he was trying to get the weather on AOL and it did it's deal and for some reason the city for the weather keeps changing and it takes forever to get the right city put in!  Don't know if getting a new lap top would solve the problem.  My husband is not very computer savy and he doesn't understand that a lot of places he surfs could be causing the problems.
Is there anything else?