Pop ups on any click on a page

[WsW-WYATT-EARP]

Hi -

I've had my computer running now without an issue for as long as I can remember. My wife and I use it mainly for bills and banking, she watches some netflix or hulu with it as well. I did photo editing on it for a long time also.

 

Enter step-son .... he needed to print something I guess, sent the file(s) from his computer and came on mine. He couldn't print from his computer I guess (we have a network printer). I know his computer is loaded with crap again and I said I would wipe and reinstall the OS but I won't spend my time or yours cleaning his computer again. So after I guess a little time on my computer, I get pop ups from everything.

 

I have ran adaware, kapersky online scan, superantispyware, spybot search and destroy, mbam ... they all found items and removed them except the mbam scan came clean. Still getting pop ups - allot of pckeeper and stuff like that. Took a bit to get a few install files as it kept trying to get me to dl mackeeper

 

I use AVG free and Firefox as my browser

 

Thanks so much!

Ben

 

Here is dds logs and Farbar logs

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801 BrowserJavaVersion: 11.40.2
Run by Ben at 19:47:18 on 2015-06-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8125.4865 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Windows\System32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
TCP: NameServer = 192.168.27.4
TCP: Interfaces\{0838907C-E5FD-42A5-96BF-8B8865625792} : DHCPNameServer = 192.168.27.4
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\d6oiifor.default-1432603543830\
FF - prefs.js: browser.search.selectedEngine - Ad-Aware SecureSearch
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-5-7 253920]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-5-7 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-5-7 220128]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-7-23 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-7-23 15920]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-4-27 284128]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-5-4 291296]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-5-18 3438544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-5-18 311792]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [2015-3-10 720760]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2015-5-25 2751816]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-9-5 66560]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-6-2 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-6-2 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-6-2 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 vToolbarUpdater18.5.0;vToolbarUpdater18.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [2015-5-13 1812416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-5-25 25816]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-5-25 1080120]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-12 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-5-25 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-10 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-21 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-22 59392]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2013-7-3 4774208]
S3 vzandnetbus;LGE Mobile for VZW USB Composite Device;C:\Windows\System32\drivers\lgvzandnetbus64.sys [2015-4-4 27648]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2014-3-31 30208]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2014-3-31 36864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-06-04 01:39:38 -------- d-----w- C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2015-06-04 01:39:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-06-04 01:39:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-06-03 01:33:54 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2015-06-03 01:33:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-06-03 01:33:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-02 14:38:12 -------- d-----w- C:\Users\Ben\AppData\Local\Avg
2015-06-02 00:55:54 -------- d-----w- C:\Users\Ben\AppData\Roaming\LavasoftStatistics
2015-06-02 00:55:49 -------- d-----w- C:\Users\Ben\AppData\Local\Lavasoft
2015-06-02 00:55:45 429392 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2015-06-02 00:55:45 347976 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2015-06-02 00:55:35 -------- d-----w- C:\Program Files (x86)\Lavasoft
2015-06-02 00:54:56 -------- d-----w- C:\Program Files\Lavasoft
2015-06-02 00:53:55 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2015-05-26 01:15:18 -------- d-----w- C:\Program Files\CCleaner
2015-05-25 23:34:39 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-05-25 23:34:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-05-25 23:34:26 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-05-25 23:34:26 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-05-25 23:34:26 -------- d-----w- C:\ProgramData\Malwarebytes
2015-05-25 23:34:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-25 23:34:12 -------- d-----w- C:\Users\Ben\AppData\Local\Programs
2015-05-25 14:41:24 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2015-05-13 06:02:14 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:02:14 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:54:51 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-05-07 18:50:22 378336 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2015-05-07 18:49:24 253920 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2015-05-07 18:49:22 220128 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
==================== Find3M ====================
.
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-05-04 19:14:30 291296 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 18:19:16 284128 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-15 18:06:02 256992 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-04-15 05:36:08 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 05:36:08 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
.
============= FINISH: 19:47:44.45 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/21/2012 9:00:28 PM
System Uptime: 6/4/2015 9:29:41 PM (22 hours ago)
.
Motherboard: Intel Corporation | | DP35DP
Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | CPU1 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 125.35 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 414.81 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 84.676 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
H: is FIXED (NTFS) - 931 GiB total, 282.903 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
N: is Removable
O: is Removable
P: is Removable
Q: is FIXED (FAT32) - 931 GiB total, 99.681 GiB free.
R: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18
Service:
.
==== System Restore Points ===================
.
RP219: 5/28/2015 12:00:09 AM - Scheduled Checkpoint
RP220: 6/1/2015 7:53:32 PM - AA11
RP221: 6/1/2015 7:55:19 PM - LavasoftWeCompanion
.
==== Installed Programs ======================
.
µTorrent
64 Bit HP CIO Components Installer
Ad-Aware Antivirus
Ad-Aware Web Companion
AdAwareInstaller
AdAwareUpdater
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Standard
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Media Player
Adobe Reader XI (11.0.11)
Amazon MP3 Downloader 1.0.17
AntimalwareEngine
Avery Wizard 5.0
AVG 2015
AVG Security Toolbar
AVS Audio Converter 7.2
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bigasoft Total Video Converter 3.7.24.4700
CCleaner
Color Efex Pro 3.0 Complete
Core FTP Pro 2.1
Dfine 2.0
DVD Shrink 3.2
HDR Efex Pro
IDT Audio
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
Imagenomic Portraiture 2.3 Plug-in (build 2308)
Java 8 Update 40
Java Auto Updater
LavasoftTcpService
Lexmark 2600 Series
LG Verizon United Driver
LightScribe System Software
Malwarebytes Anti-Malware version 2.1.6.1022
Microsoft .NET Framework 4.5.1
Microsoft Money 98
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 38.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
Nero 11 Mini Repack
Nero Backup Drivers
NETGEAR Live Parental Controls Management Utility 2.1.5
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.15.2
NVIDIA Update Components
Opanda IExif 2.3
PDF Settings CS5
Photodex Presenter
Photodex ProShow Producer version 4.52
PhotoWatermark Professional 7
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2883029) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2965282) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2965284) 32-Bit Edition
Sharpener Pro 3.0
Silver Efex Pro
Spybot - Search & Destroy
SUPERAntiSpyware
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2986252) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Viveza 2
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.5
VNC Viewer 5.0.5
Vuze
Vuze Remote Toolbar v11.3
Web Companion
Winamp
Winamp Detector Plug-in
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
6/4/2015 9:30:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.
6/4/2015 9:30:04 PM, Error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Ben (administrator) on BEN-PC on 05-06-2015 19:48:23
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-12] (IDT, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-13] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [Reminder] => C:\Program Files (x86)\Microsoft Money\System\reminder.exe [34304 1997-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1376016 2015-05-25] (Lavasoft)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: S - S:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {1146cd42-6fbc-11e4-9ba7-001cc0388498} - T:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {1146cd4c-6fbc-11e4-9ba7-001cc0388498} - T:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {26c867be-b65e-11e3-b22c-001cc0388498} - S:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {51a82c57-ceab-11e4-ae3b-001cc0388498} - S:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {5e9c7bf4-156c-11e2-b16a-001cc0388498} - "Q:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {5e9c7bfd-156c-11e2-b16a-001cc0388498} - "Q:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {5e9c7c05-156c-11e2-b16a-001cc0388498} - "Q:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {656c2b60-721b-11e3-9fae-001cc0388498} - U:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {ce9ac43c-c9e5-11e3-aae5-001cc0388498} - T:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-02] (AVG Secure Search)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-10-15]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> DefaultScope {D8CAF3B5-325E-4A2E-8EA8-AF247108C717} URL =
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={7E40E952-C22D-4464-8FB6-251D0C5CB4CF}&mid=e107dcb1c5a147d0a5cfd15586dc6d6b-8c67b2054c0c796ae551bf295ff9b4d493d1d8ca&lang=en&ds=AVG&pr=fr&d=2012-07-21 21:15:44&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_cnet_150602&q={searchTerms}
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-13] (AVG Secure Search)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.27.4

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\d6oiifor.default-1432603543830
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java

[Juliet]

Hi Ben, sorry it took so long I'm under the weather.

 

Two antivirus programs on the machine.

AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}

AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}

FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

 

I know it says disabled but it shows both in running processes and services.

 

C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe

C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe

C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

 

 

µTorrent, Azureus, Vuze <--tsk tsk, you know the dangers there

 

RegCure Pro <-- if found should be uninstalled

Vuze Remote Toolbar v11.3 <-- if found should be uninstalled

 

 

~~~~~~~~~~~~~~~`

 

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CreateRestorePoint:

CloseProcesses:

SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> DefaultScope {D8CAF3B5-325E-4A2E-8EA8-AF247108C717} URL =

SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch...q={searchTerms}

BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File

Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File

C:\Users\Ben\AppData\Local\Temp\ose00000.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A4D014A8-92F3-45C5-83DF-08974F884C09}.exe <==== ATTENTION

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{47CF15A4-175D-498A-AE51-463DA3BC077A}.exe <==== ATTENTION

AlternateDataStreams: C:\Windows:nlsPreferences

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~~~

 

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

~~~

 

Malwarebytes Anti-Rootkit

• Download Malwarebytes Anti-Rootkit
• Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
• Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
• Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
• Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
• After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
• Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
• If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

• Please click by the introduction screen on the Next button to continue.

• Next you will see the Update Database screen.
• Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

• When the update has finished, click on the Next button.

• Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
• Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

• When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
• Make sure everything is selected and that the option to create a restore point is checked.
• Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
• Click on Yes button to restart your computer.

• There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
• The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
  • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
• The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

please post

Fixlog.txt

Junk Removal tool

MBAR log

[WsW-WYATT-EARP]

Juliet -

 

No need to appologize for anything - hope you feel better soon! Thanks for taking a look at this.

 

The Ad-Aware was installed from the sticky in this section of the tools to use before posting any logs. I uninstalled Ad-Aware as of now.

 

I couldn't find any traces of regcure pro and the vuze remote toolbar can't find the directory to uninstall.

 

FRST ran ok - log below

 

JRT ran ok - log below

 

MBAR did NOT run ok. It stopped scanning on a small jpg in my downloads - I stopped it, rebooted and restarted it. I also deleted the jpg it was stuck on (a file my wife sent from work when I designed some biz cards for her). This time it is stuck on a manual that I downloaded. It was stuck on this file for at least 2 hours now, I'm not sure how to proceed with that. I have no log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Ben at 2015-06-07 15:48:28 Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> DefaultScope {D8CAF3B5-325E-4A2E-8EA8-AF247108C717} URL =
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch...q={searchTerms}
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
C:\Users\Ben\AppData\Local\Temp\ose00000.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A4D014A8-92F3-45C5-83DF-08974F884C09}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{47CF15A4-175D-498A-AE51-463DA3BC077A}.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}" => key removed successfully
HKCR\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
C:\Users\Ben\AppData\Local\Temp\ose00000.exe => moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 191.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:49:05 ====

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.9 (06.06.2015:1)
OS: Windows 7 Ultimate x64
Ran by Ben on Sun 06/07/2015 at 15:53:29.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] yahooauservice
Successfully deleted: [service] yahooauservice



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Failed to delete: [File] C:\Windows\system32\LavasoftTcpService64.dll
Failed to delete: [File] C:\Windows\syswow64\LavasoftTcpService.dll
Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Windows\system32\LavasoftTcpServiceOff.ini
Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpServiceOff.ini
Successfully deleted: [File] C:\Users\Ben\appdata\local\81da748dc58977149ba733cee7429743



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\avg security toolbar
Successfully deleted: [Folder] C:\Users\Ben\appdata\local\pc_drivers_headquarters



~~~ FireFox

Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\d6oiifor.default-1432603543830\searchplugins\securesearch.xml
Successfully deleted the following from C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\d6oiifor.default-1432603543830\prefs.js

user_pref(browser.newtab.url, hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602);
user_pref(browser.search.defaultenginename, Ad-Aware SecureSearch);
user_pref(browser.search.selectedEngine, Ad-Aware SecureSearch);
user_pref(browser.startup.homepage, hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602);
user_pref(extensions.xpiState, {\app-global\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\d\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/07/2015 at 15:57:18.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Juliet]

 

I couldn't find any traces of regcure pro and the vuze remote toolbar can't find the directory to uninstall.

We'll check again.

 

Are you still having pop ups?

[WsW-WYATT-EARP]

Morning Juliet,

 

The pop up that was happening seems to have stopped. But, it's still opening another tab in Firefox when I click anywhere on a page, even if it isn't a link. Usually the tab is pckeeper or some other fix it page.

[Juliet]

Let's try the easy things first.

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks

   

   

  Proceed with the reset once done.

• Internet Explorer: How to reset Internet Explorer settings
• Firefox: Reset Firefox
• Chrome: Chrome - Reset browser settings

   

[WsW-WYATT-EARP]

ok - I reset firefox and when I came back to here I got extra tabs and a pop-up saying (an audio clip played it as well) to call some # to get virus removal instructions....

I don't use chrome or internet explorer but I can try IE if you want me to ?

 

The Mbar was still hanging when I got home trying to close - I had to go through task manager to end it.

[Juliet]

Could be antivirus was interfering

 

Please download aswMBR ( 511KB ) to your desktop.

• Double click the aswMBR.exe icon to run it
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

  Important! Please do not perform any fix options offered in aswMBR

~~~~~~~~~~~~~~~~~~~~

 

Let's see if we can get ComboFix to run.

 

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

 

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

 

How to use ComboFix

 

Download ComboFix from here:

Link 1

Link 2

Link 3

 

Place ComboFix.exe on your Desktop <--Important

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

  * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

   

   

   

  You can get help on disabling your protection programs here

• Double click on ComboFix.exe & follow the prompts.
• You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
• Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
• When finished, it shall produce a log for you. Post that log in your next reply

   

  Note:

  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

   

  Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

   

  ---------------------------------------------------------------------------------------------

• Ensure your AntiVirus and AntiSpyware applications are re-enabled.

   

  Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

  Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

  ---------------------------------------------------------------------------------------------

• If there are Internet issues after running ComboFix:

  Internet Explorer:

  Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

  Firefox:

  Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

  Chrome:

  Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

  Safari

  Launch Safari

  Go to general settings menu

  Then in Preferences/ Advanced

  Then on line click Proxies change settings ...

  Click Internet Options, then click the Connections tab, click Network Settings.

  Disable option (uncheck) for the use of proxy server ...

[WsW-WYATT-EARP]

Both scans ran ok - Logs below

 

I couldn't get spybot S&D to stop and combofix ran anyways - I thought I disabled everything. I can uninstall it if you want?

 

I tried to search how to disable it after the 1st warning came up but firefox won't allow me to search anything.

 

When I say I can click anywhere on a page and a tab opens up - I mean anywhere, can be blank area or a link or anything.

 

 

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-06-08 17:56:10
-----------------------------
17:56:10.128 OS Version: Windows x64 6.1.7601 Service Pack 1
17:56:10.128 Number of processors: 4 586 0x1707
17:56:10.129 ComputerName: BEN-PC UserName: Ben
17:56:10.720 Initialize success
17:56:10.825 VM: initialized successfully
17:56:10.826 VM: Intel CPU virtualization not supported
17:58:45.733 AVAST engine defs: 15060801
17:59:01.342 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:59:01.342 Disk 0 Vendor: OCZ-VERTEX4 1.4.1.3 Size: 244198MB BusType: 3
17:59:01.342 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-3
17:59:01.342 Disk 1 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
17:59:01.358 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
17:59:01.358 Disk 2 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
17:59:01.358 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T1L0-5
17:59:01.358 Disk 3 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
17:59:01.374 Disk 0 MBR read successfully
17:59:01.374 Disk 0 MBR scan
17:59:01.374 Disk 0 Windows 7 default MBR code
17:59:01.389 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:59:01.389 Disk 0 default boot code
17:59:01.405 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 244096 MB offset 206848
17:59:01.420 Disk 0 scanning C:\Windows\system32\drivers
17:59:05.686 Service scanning
17:59:15.952 Modules scanning
17:59:15.952 Disk 0 trace - called modules:
17:59:15.952 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:59:15.967 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071f0060]
17:59:15.967 3 CLASSPNP.SYS[fffff8800190043f] -> nt!IofCallDriver -> [0xfffffa8006fcee40]
17:59:15.967 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8006fea060]
17:59:16.561 AVAST engine scan C:\Windows
17:59:17.202 AVAST engine scan C:\Windows\system32
18:01:07.655 AVAST engine scan C:\Windows\system32\drivers
18:01:12.842 AVAST engine scan C:\Users\Ben
18:17:18.515 AVAST engine scan C:\ProgramData
18:25:07.344 Disk 0 statistics 4892270/0/0 @ 2.26 MB/s
18:25:07.344 Scan finished successfully
18:25:18.235 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
18:25:18.235 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

 

 

ComboFix 15-05-31.01 - Ben 06/08/2015 18:34:55.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8125.5642 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL896B.tmp
E:\install.exe
c:\windows\system32\Drivers\ksecdd.sys . . . . Failed to delete
.
c:\windows\SysWow64\drivers\AGP440.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2015-05-08 to 2015-06-08 )))))))))))))))))))))))))))))))
.
.
2015-06-08 23:42 . 2015-06-08 23:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-06-08 23:42 . 2015-06-08 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-07 21:03 . 2015-06-07 22:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-07 20:53 . 2015-06-07 20:53 -------- d-----w- C:\RegBackup
2015-06-06 23:52 . 2015-06-06 23:52 -------- d-----w- c:\users\Ben\AppData\Local\GWX
2015-06-06 00:48 . 2015-06-07 20:50 -------- d-----w- C:\FRST
2015-06-05 10:09 . 2015-05-22 18:18 1021440 ----a-w- c:\windows\system32\appraiser.dll
2015-06-05 10:09 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
2015-06-05 10:09 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll
2015-06-05 10:09 . 2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll
2015-06-05 10:09 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll
2015-06-05 10:09 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-06-05 10:09 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll
2015-06-05 10:09 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll
2015-06-04 01:39 . 2015-06-04 01:39 -------- d-----w- c:\users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2015-06-04 01:39 . 2015-06-04 01:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-06-04 01:39 . 2015-06-04 01:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-06-03 01:33 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-06-03 01:33 . 2015-06-04 01:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-06-03 01:33 . 2015-06-03 01:39 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-06-02 14:38 . 2015-06-02 14:38 -------- d-----w- c:\users\Ben\AppData\Local\Avg
2015-06-02 00:55 . 2015-06-02 00:55 -------- d-----w- c:\users\Ben\AppData\Local\Lavasoft
2015-06-02 00:55 . 2015-05-25 15:24 429392 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-06-02 00:55 . 2015-05-25 15:24 347976 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-06-02 00:55 . 2015-06-02 00:55 -------- d-----w- c:\program files (x86)\Lavasoft
2015-06-02 00:53 . 2015-06-07 20:43 -------- d-----w- c:\users\Ben\AppData\Roaming\Lavasoft
2015-06-02 00:53 . 2015-06-07 20:43 -------- d-----w- c:\programdata\Lavasoft
2015-05-26 01:15 . 2015-05-26 01:15 -------- d-----w- c:\program files\CCleaner
2015-05-25 23:34 . 2015-06-07 22:49 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-25 23:34 . 2015-06-07 21:03 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-25 23:34 . 2015-05-25 23:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-25 23:34 . 2015-05-25 23:34 -------- d-----w- c:\programdata\Malwarebytes
2015-05-25 23:34 . 2015-04-14 14:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-25 23:34 . 2015-04-14 14:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-25 23:34 . 2015-05-25 23:34 -------- d-----w- c:\users\Ben\AppData\Local\Programs
2015-05-25 14:41 . 2015-05-25 14:41 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-05-13 06:02 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:02 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:54 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 06:04 . 2012-07-22 02:20 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-07 18:50 . 2015-05-07 18:50 378336 ----a-w- c:\windows\system32\drivers\avgloga.sys
2015-05-07 18:49 . 2015-05-07 18:49 253920 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2015-05-07 18:49 . 2015-05-07 18:49 220128 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-05-04 19:14 . 2015-05-04 19:14 291296 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-04-27 19:04 . 2015-05-13 02:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-27 18:19 . 2015-04-27 18:19 284128 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-04-15 18:06 . 2015-04-15 18:06 256992 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2015-04-15 05:36 . 2012-08-14 08:15 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 05:36 . 2012-07-25 17:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-25 03:24 . 2015-04-14 19:04 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 19:04 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 19:04 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 19:04 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 19:04 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 19:04 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 19:04 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 19:04 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 19:04 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 19:04 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 19:04 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 19:04 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 19:04 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 19:04 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 19:04 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 19:04 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-20 17:18 . 2015-03-20 17:18 40928 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2015-03-20 02:29 . 2014-12-06 15:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-11 17:16 . 2015-03-11 17:16 162784 ----a-w- c:\windows\system32\drivers\avgdiska.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-21 06:32 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] .. c:\windows\SysWOW64\drivers\AGP440.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files (x86)\Microsoft Money\System\reminder.exe" [1997-08-15 34304]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2012-07-02 2736128]
"Web Companion"="c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" [2015-05-25 1376016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-15 7799576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2015-05-13 2510784]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-05-18 3745744]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdnserv.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe;c:\program files\RealVNC\VNC Server\vncserver.exe [x]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgvzandnetadb.sys [x]
R3 vzandnetbus;LGE Mobile for VZW USB Composite Device;c:\windows\system32\DRIVERS\lgvzandnetbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetbus64.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vToolbarUpdater18.5.0;vToolbarUpdater18.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 21:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"lxdnamon"="c:\program files (x86)\Lexmark 2600 Series\lxdnamon.exe" [2010-02-04 16040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.27.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\fndtnemk.default-1433801736616\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Photodex\ProShow Producer\scsiaccess.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2015-06-08 18:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-08 23:47
.
Pre-Run: 133,001,793,536 bytes free
Post-Run: 132,540,489,728 bytes free
.
- - End Of File - - 975AC5E6C9AF73658F372A4377E3C87C
A36C5E4F47E84449FF07ED3517B43A31

[Juliet]

I still see bits and pieces of Lavasoft on there but no big deal, we can get those off later.

 

Show all files and folders

http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

 

 

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)

jotti.org

VirScan

click on Browse, and upload the following file for analysis:

 

C:\windows\SysWOW64\drivers\AGP440.SYS

 

 

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

[WsW-WYATT-EARP]

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1433809802/

[WsW-WYATT-EARP]

According to the details in explorer - this file has 0 bytes

[Juliet]

Scan with ESET Online Scan

 

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

[Juliet]

According to the details in explorer - this file has 0 bytes

I know

http://www.systemlookup.com/Drivers/139-agp440_sys.html

 

we can't go in there and just delete it out either.

[WsW-WYATT-EARP]

eset results

 

C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Ben\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll Win32/Toolbar.Conduit.AQ potentially unwanted application
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll Win32/Toolbar.Conduit.AQ potentially unwanted application
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
H:\Users\ben\AppData\Local\Temp\Stub.EXE a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe multiple threats
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll a variant of Win32/Complitly.A potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe a variant of Win32/PredictAd.A potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll a variant of Win64/Complitly.A potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe a variant of Win32/PredictAd.A potentially unwanted application

[Juliet]

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CreateRestorePoint:

CloseProcesses:

C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe

C:\Users\Ben\Downloads\ccsetup505.exe

H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll

H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll

H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe

H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll

H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe

H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll

H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll

H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe

H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll

H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe

H:\Users\ben\AppData\Local\Temp\Stub.EXE

H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll

H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe

H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll

H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll

H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll

H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll

H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll

H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe

H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll

H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe

EmptyTemp:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

How are things now?

[WsW-WYATT-EARP]

fix ran ok -

 

no change with tab and popup - allot of the popups are java installs - I don't do them but that is allot of them. Just trying to give info

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Ben at 2015-06-09 18:07:19 Run:2
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe
C:\Users\Ben\Downloads\ccsetup505.exe
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe
H:\Users\ben\AppData\Local\Temp\Stub.EXE
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe => moved successfully.
C:\Users\Ben\Downloads\ccsetup505.exe => moved successfully.
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll => moved successfully.
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll => moved successfully.
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe => moved successfully.
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll => moved successfully.
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll => moved successfully.
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe => moved successfully.
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll => moved successfully.
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll => moved successfully.
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll => moved successfully.
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe => moved successfully.
H:\Users\ben\AppData\Local\Temp\Stub.EXE => moved successfully.
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll => moved successfully.
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe => moved successfully.
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll => moved successfully.
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll => moved successfully.
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll => moved successfully.
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe => moved successfully.
EmptyTemp: => 217.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:07:35 ====

[WsW-WYATT-EARP]

also - the right click menu is very strange ..... very long with way more options than normal.

[Juliet]

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

 

 

Let's reset browsers once again.

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

• Backup Internet Explorer Favourites
• Backup Firefox Bookmarks
• Backup Chrome Bookmarks

   

  Proceed with the reset once done.

• Internet Explorer: How to reset Internet Explorer settings
• Firefox: Reset Firefox
• Chrome: Chrome - Reset browser settings

   

  ~~~~~~~~~~~~~~~~~~

   

  Delete the version of AdwCleaner you have and we will download an updated one.

   

  AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
• Follow the prompts.
• Click Scan.
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
• Follow the prompts and allow your computer to reboot.
• After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.
• -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

   

  ~~~~~~~~~~~~~~~~~~~~~

   

  Let's update and run a scan with Malwarebytes Anti-Malware

• Click on Update Now to download the current database definitions, then click the Scan Now >> button.
• If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
• You will be prompted to update Malwarebytes...click on the Update Now button.
• The THREAT SCAN will automatically begin.
• When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
• To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
• After rebooting the computer, copy and paste the mbam.log in your next reply.

  To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

• Open Malwarebytes Anti-Malware.
• Click the History Tab at the top and select Application Logs.
• Select (check) the box next to Scan Log. Choose the most current scan.
• Click the View button.
• Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
• Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
• Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

  ~~~~~~~~~~~~~~~~~~~~~~`

• Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

   

  You can redownload Java from here.

  http://java.com/en/download/index.jsp

[Juliet]

 

the right click menu is very strange

Is this only with Firefox

 

 

https://support.mozilla.org/en-US/questions/956675

https://support.mozilla.org/en-US/questions/958458

If it works in Safe Mode and in normal mode with all extensions (Tools > Add-ons > Extensions) disabled then try to find which extension is causing it by enabling one extension at a time until the problem reappears.

 

[WsW-WYATT-EARP]

I only use firefox - I don't know if it's happening elsewhere

[WsW-WYATT-EARP]

So far I have uninstalled the only java install and ran adwcleaner

 

Things still the same so far

 

 

adwcleaner log -

 

# AdwCleaner v4.206 - Logfile created 09/06/2015 at 19:42:52
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ben - BEN-PC
# Running from : C:\Users\Ben\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.5.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Driver Manager
Folder Deleted : C:\ProgramData\Avg_Update_0814tb
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Ben\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ben\AppData\LocalLow\AVG Secure Search

***** [ Scheduled tasks ] *****

Task Deleted : AVG-Secure-Search-Update_JUNE2013_HP_rmv
Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.6 (x86 en-US)

[vl5k80lm.default-1433896162709\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285[...]

*************************

AdwCleaner[R0].txt - [7635 bytes] - [09/06/2015 19:36:44]
AdwCleaner[s0].txt - [7447 bytes] - [09/06/2015 19:42:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7506 bytes] ##########

[Juliet]

Post these when you can

FRST.txt & Addition.txt and MBAM

 

I've got to call it a night.

[WsW-WYATT-EARP]

MBAM came up clean

 

FRST logs below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Ben (administrator) on BEN-PC on 09-06-2015 21:04:58
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-12] (IDT, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [Reminder] => C:\Program Files (x86)\Microsoft Money\System\reminder.exe [34304 1997-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1376016 2015-05-25] (Lavasoft)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-1628508633-2882252568-2130994149-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-10-15]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.27.4

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vl5k80lm.default-1433896162709
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2012-12-02] ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1628508633-2882252568-2130994149-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-07-22] (Macrovision Europe Ltd.) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2751816 2015-05-25] (Lavasoft Limited)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-09-05] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe [186760 2010-12-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\STacSV64.exe [268288 2009-03-12] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)
R0 KSecDD; C:\Windows\SysWOW64\Drivers\ksecdd.sys [0 2013-02-21] () <==== ATTENTION (zero byte File/Folder)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-07] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [27648 2014-12-12] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [30208 2014-12-12] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-12-12] (LG Electronics Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vzandnetadb; System32\Drivers\lgvzandnetadb.sys [X]
S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 21:04 - 2015-06-09 21:05 - 00017860 _____ C:\Users\Ben\Desktop\FRST.txt
2015-06-09 19:36 - 2015-06-09 19:42 - 00000000 ____D C:\AdwCleaner
2015-06-09 19:35 - 2015-06-09 19:35 - 02231296 _____ C:\Users\Ben\Desktop\AdwCleaner.exe
2015-06-08 22:09 - 2015-06-08 22:09 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-08 22:08 - 2015-06-08 22:09 - 02870984 _____ (ESET) C:\Users\Ben\Downloads\esetsmartinstaller_enu.exe
2015-06-08 18:47 - 2015-06-08 18:47 - 00025745 _____ C:\ComboFix.txt
2015-06-08 18:33 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 18:33 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 18:33 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 18:33 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 18:33 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 18:33 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 18:33 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 18:33 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 18:28 - 2015-06-08 18:47 - 00000000 ____D C:\Qoobox
2015-06-08 18:28 - 2015-06-08 18:45 - 00000000 ____D C:\Windows\erdnt
2015-06-08 18:25 - 2015-06-08 18:26 - 05628238 ____R (Swearware) C:\Users\Ben\Desktop\ComboFix.exe
2015-06-08 18:25 - 2015-06-08 18:25 - 00000512 _____ C:\Users\Ben\Desktop\MBR.dat
2015-06-08 18:10 - 2015-06-08 18:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-08 17:55 - 2015-06-08 17:55 - 05198336 _____ (AVAST Software) C:\Users\Ben\Desktop\aswMBR.exe
2015-06-07 16:03 - 2015-06-07 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-07 16:02 - 2015-06-07 16:02 - 00000000 ____D C:\Users\Ben\Desktop\mbar-1.09.1.1004
2015-06-07 16:01 - 2015-06-07 16:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Ben\Desktop\mbar-1.09.1.1004.exe
2015-06-07 15:53 - 2015-06-07 15:53 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BEN-PC-Windows-7-Ultimate-(64-bit).dat
2015-06-07 15:53 - 2015-06-07 15:53 - 00000000 ____D C:\RegBackup
2015-06-07 15:52 - 2015-06-07 15:52 - 02942406 _____ (Thisisu) C:\Users\Ben\Desktop\JRT.exe
2015-06-06 18:52 - 2015-06-06 18:52 - 00000000 ____D C:\Users\Ben\AppData\Local\GWX
2015-06-05 19:48 - 2015-06-09 21:04 - 00000000 ____D C:\FRST
2015-06-05 19:46 - 2015-06-05 19:46 - 02108928 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2015-06-05 19:46 - 2015-06-05 19:46 - 00688992 _____ (Swearware) C:\Users\Ben\Downloads\dds.com
2015-06-05 05:09 - 2015-05-22 13:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 05:09 - 2015-05-22 13:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 05:09 - 2015-05-22 13:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 05:09 - 2015-05-22 13:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 05:09 - 2015-05-22 13:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 05:09 - 2015-05-22 13:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 05:09 - 2015-05-22 13:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 05:09 - 2015-05-21 08:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-03 20:38 - 2015-06-03 20:38 - 22064896 _____ (SUPERAntiSpyware) C:\Users\Ben\Downloads\SUPERAntiSpyware.exe
2015-06-02 20:34 - 2015-06-02 20:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-02 20:33 - 2015-06-03 20:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-02 20:33 - 2015-06-02 20:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-02 20:33 - 2015-06-02 20:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ben\Downloads\spybot-2.4.exe
2015-06-02 20:33 - 2015-06-02 20:33 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-02 20:33 - 2015-06-02 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-02 20:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-06-02 09:38 - 2015-06-02 09:38 - 00000000 ____D C:\Users\Ben\AppData\Local\Avg
2015-06-01 19:55 - 2015-06-07 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-06-01 19:55 - 2015-06-01 19:55 - 00000000 ____D C:\Users\Ben\AppData\Roaming\LavasoftStatistics
2015-06-01 19:55 - 2015-06-01 19:55 - 00000000 ____D C:\Users\Ben\AppData\Local\Lavasoft
2015-06-01 19:55 - 2015-06-01 19:55 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-06-01 19:55 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-06-01 19:55 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-06-01 19:53 - 2015-06-07 15:43 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Lavasoft
2015-06-01 19:53 - 2015-06-07 15:43 - 00000000 ____D C:\ProgramData\Lavasoft
2015-06-01 19:53 - 2015-06-01 19:53 - 02057008 _____ C:\Users\Ben\Downloads\Adaware_Installer.exe
2015-05-25 20:25 - 2015-06-09 19:29 - 00000000 ____D C:\Users\Ben\Desktop\Old Firefox Data
2015-05-25 20:21 - 2015-06-09 19:44 - 00000504 _____ C:\Windows\setupact.log
2015-05-25 20:21 - 2015-06-08 18:43 - 00001884 _____ C:\Windows\PFRO.log
2015-05-25 20:21 - 2015-05-25 20:21 - 00000000 _____ C:\Windows\setuperr.log
2015-05-25 20:20 - 2015-05-25 20:20 - 00190972 _____ C:\Users\Ben\Documents\cc_20150525_202000.reg
2015-05-25 20:15 - 2015-05-25 20:15 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-25 20:15 - 2015-05-25 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-25 20:15 - 2015-05-25 20:15 - 00000000 ____D C:\Program Files\CCleaner
2015-05-25 18:34 - 2015-06-09 19:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 18:34 - 2015-06-07 16:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-25 18:34 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-25 18:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-25 18:33 - 2015-05-25 18:33 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ben\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-25 10:07 - 2015-05-25 10:07 - 06870552 _____ (ParetoLogic, Inc.) C:\Users\Ben\Downloads\RegCureProSetup_f9decd8_.exe
2015-05-25 10:04 - 2015-05-25 10:04 - 00000000 _____ C:\autoexec.bat
2015-05-25 10:01 - 2015-05-25 10:02 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ben\Downloads\SpyHunter-Installer.exe
2015-05-25 09:41 - 2015-05-25 09:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-05-19 20:09 - 2015-05-19 20:09 - 00716896 _____ (Kaspersky Lab) C:\Users\Ben\Downloads\setup.exe
2015-05-13 01:02 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:02 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:55 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:55 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 21:55 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:55 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:55 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:55 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 21:55 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 21:55 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:55 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:55 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:55 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:55 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 21:55 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 21:55 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 21:55 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 21:55 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 21:55 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 21:55 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 21:55 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 21:55 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 21:55 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 21:55 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 21:55 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 21:55 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 21:55 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 21:55 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 21:55 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 21:55 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 21:55 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 21:55 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 21:55 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:55 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 21:55 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 21:55 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 21:55 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 21:55 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:55 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 21:55 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:55 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:55 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 21:55 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 21:55 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:55 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:55 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 21:55 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:55 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 21:55 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:55 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 21:55 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:55 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:55 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:55 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 21:55 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 21:55 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:55 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 21:55 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:55 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:55 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:55 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 21:55 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:55 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 21:55 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 21:55 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:55 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 21:55 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:55 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 21:55 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:55 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:55 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:55 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 21:55 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:55 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:55 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:55 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 21:55 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:55 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 21:55 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:55 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 21:55 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:55 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 21:55 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:55 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 21:55 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:55 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:55 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:55 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:55 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:55 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:55 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 21:55 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:55 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:55 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 21:55 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:55 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:55 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 21:55 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:55 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 21:55 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:54 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:54 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:54 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 21:54 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:54 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:54 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:54 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 21:54 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:54 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:54 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:54 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:54 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 21:54 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 21:54 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:54 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 21:54 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:54 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:54 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 20:36 - 2012-08-14 03:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 19:52 - 2009-07-13 23:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 19:52 - 2009-07-13 23:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-09 19:51 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-09 19:47 - 2012-07-21 21:00 - 01365597 _____ C:\Windows\WindowsUpdate.log
2015-06-09 19:44 - 2012-11-18 02:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-09 19:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-09 19:28 - 2013-07-06 16:40 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-09 09:11 - 2012-07-21 21:12 - 00000000 ____D C:\ProgramData\MFAData
2015-06-08 18:47 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-06-08 18:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-06-08 18:43 - 2012-07-22 01:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-07 15:46 - 2013-07-06 16:38 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-06 01:15 - 2015-04-15 01:26 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 01:15 - 2014-04-30 01:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-02 09:39 - 2014-04-08 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-25 20:17 - 2012-11-16 15:00 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Azureus
2015-05-25 20:17 - 2012-10-03 03:53 - 00000000 ____D C:\Users\Ben\AppData\Roaming\CoreFTP
2015-05-25 20:17 - 2012-07-23 00:02 - 00000000 ____D C:\Users\Ben\AppData\Roaming\uTorrent
2015-05-25 20:17 - 2012-07-21 23:49 - 00000000 ____D C:\Windows\Panther
2015-05-25 19:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-05-25 19:58 - 2012-11-16 14:59 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-05-20 01:00 - 2015-04-04 12:46 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 01:00 - 2015-04-04 12:46 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-18 21:50 - 2015-04-26 22:05 - 00000000 ____D C:\Users\Ben\Desktop\mustang seat
2015-05-17 21:36 - 2014-03-19 14:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 02:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 01:30 - 2013-05-28 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 01:30 - 2013-05-28 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 01:30 - 2009-07-13 23:45 - 04972920 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 01:29 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 01:29 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 01:11 - 2013-07-27 01:02 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 01:11 - 2012-07-22 03:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 01:04 - 2012-07-21 21:20 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 01:02 - 2013-05-28 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-06-26 20:17 - 2014-06-22 18:26 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-10-22 02:02 - 2012-10-22 02:07 - 0000132 _____ () C:\Users\Ben\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-07-22 02:38 - 2012-07-22 02:40 - 0007600 _____ () C:\Users\Ben\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Ben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ben\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\Drivers\ACPIPMI.SYS
C:\Windows\SysWOW64\Drivers\ADPU320.SYS
C:\Windows\SysWOW64\Drivers\AGP440.SYS
C:\Windows\SysWOW64\Drivers\AVGTPX64.SYS
C:\Windows\SysWOW64\Drivers\BRSERWDM.SYS
C:\Windows\SysWOW64\Drivers\BXVBDA.SYS
C:\Windows\SysWOW64\Drivers\KSECDD.SYS
C:\Windows\SysWOW64\Drivers\UMBUS.SYS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:20

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Ben at 2015-06-09 21:05:29
Running from C:\Users\Ben\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1628508633-2882252568-2130994149-500 - Administrator - Disabled)
Ben (S-1-5-21-1628508633-2882252568-2130994149-1001 - Administrator - Enabled) => C:\Users\Ben
Guest (S-1-5-21-1628508633-2882252568-2130994149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1628508633-2882252568-2130994149-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1628508633-2882252568-2130994149-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Ad-Aware Web Companion (x32 Version: 2.0.1013.2086 - Lavasoft) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Design Standard (HKLM-x32\...\{AE29D445-8164-4CD1-8824-FCE85C0BB179}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bigasoft Total Video Converter 3.7.24.4700 (HKLM-x32\...\{a72ce741-1f32-4d79-bffb-a714375c678d}_is1) (Version: - Bigasoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete Stand-Alone) (Version: 3.1.1.0 - Nik Software, Inc.)
Core FTP Pro 2.1 (HKLM-x32\...\Core FTP Pro 2.1) (Version: - )
Dfine 2.0 (HKLM-x32\...\Dfine 2.0) (Version: 2.1.1.2 - Nik Software, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
HDR Efex Pro (HKLM-x32\...\HDR Efex Pro) (Version: 1.0.0.0 - Nik Software, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.20001.0 - IDT)
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version: - )
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
LavasoftTcpService (x32 Version: 2.3.4.2 - Lavasoft) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
LG Verizon United Driver (HKLM-x32\...\{A17B9856-40CF-4BEA-BB65-ADB8154A83DC}) (Version: 2.20.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{90538B62-F392-4DE1-B886-7B48123866E9}) (Version: 1.18.26.7 - LightScribe)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money 98 (HKLM-x32\...\MSMONEYV60) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE})

[WsW-WYATT-EARP]

Is this only with Firefox

 

 

https://support.mozilla.org/en-US/questions/956675

https://support.mozilla.org/en-US/questions/958458

If it works in Safe Mode and in normal mode with all extensions (Tools > Add-ons > Extensions) disabled then try to find which extension is causing it by enabling one extension at a time until the problem reappears.

 

 

 

I show no extensions are installed or enabled - I tried safe mode and same results.

 

I could uninstall completely and reinstall firefox? I haven't tried IE to see if it too has issues.

 

https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Edited June 10, 2015 by WsW-WYATT-EARP