WsW-WYATT-EARP
Posted June 6, 2015

Hi - I've had my computer running now without an issue for as long as I can remember. My wife and I use it mainly for bills and banking; she watches some Netflix or Hulu with it as well. I did photo editing on it for a long time also.

Enter step-son .... he needed to print something I guess, sent the file(s) from his computer and came on mine. He couldn't print from his computer I guess (we have a network printer). I know his computer is loaded with crap again and I said I would wipe and reinstall the OS but I won't spend my time or yours cleaning his computer again.

So after I guess a little time on my computer, I get pop ups from everything. I have run Ad-Aware, Kaspersky online scan, SUPERAntiSpyware, Spybot Search and Destroy, mbam ... they all found items and removed them except the mbam scan came clean. Still getting pop ups - a lot of pckeeper and stuff like that. Took a bit to get a few install files as it kept trying to get me to dl mackeeper.

I use AVG free and Firefox as my browser.

Thanks so much!
Ben

Here are the DDS logs and Farbar logs.
Software Update.==== Event Viewer Messages From Past Week ========.6/4/2015 9:30:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.6/4/2015 9:30:04 PM, Error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015Ran by Ben (administrator) on BEN-PC on 05-06-2015 19:48:23Running from C:\Users\Ben\DesktopLoaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\stacsv64.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe( ) C:\Windows\System32\lxdncoms.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe() C:\Program Files (x86)\AVG Secure Search\vprot.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-12] (IDT, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2510784 2015-05-13] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [Reminder] => C:\Program Files (x86)\Microsoft Money\System\reminder.exe [34304 1997-08-15] (Microsoft Corporation)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1376016 2015-05-25] (Lavasoft)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: S - S:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {1146cd42-6fbc-11e4-9ba7-001cc0388498} - T:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {1146cd4c-6fbc-11e4-9ba7-001cc0388498} - T:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {26c867be-b65e-11e3-b22c-001cc0388498} - S:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {51a82c57-ceab-11e4-ae3b-001cc0388498} - S:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {5e9c7bf4-156c-11e2-b16a-001cc0388498} - "Q:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {5e9c7bfd-156c-11e2-b16a-001cc0388498} - "Q:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {5e9c7c05-156c-11e2-b16a-001cc0388498} - "Q:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {656c2b60-721b-11e3-9fae-001cc0388498} - U:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\...\MountPoints2: {ce9ac43c-c9e5-11e3-aae5-001cc0388498} - T:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1628508633-2882252568-2130994149-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-02] (AVG Secure Search)
HKU\S-1-5-21-1628508633-2882252568-2130994149-1004\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-08] (AVG Secure Search)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-10-15]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> DefaultScope {D8CAF3B5-325E-4A2E-8EA8-AF247108C717} URL =
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={7E40E952-C22D-4464-8FB6-251D0C5CB4CF}&mid=e107dcb1c5a147d0a5cfd15586dc6d6b-8c67b2054c0c796ae551bf295ff9b4d493d1d8ca&lang=en&ds=AVG&pr=fr&d=2012-07-21 21:15:44&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_cnet_150602&q={searchTerms}
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-13] (AVG Secure Search)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-06-01] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.27.4

FireFox:
========
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\d6oiifor.default-1432603543830
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java
Juliet Posted June 7, 2015

Hi Ben, sorry it took so long, I'm under the weather.

Two antivirus programs on the machine.

AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

I know it says disabled but it shows both in running processes and services.

C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

µTorrent, Azureus, Vuze <-- tsk tsk, you know the dangers there
RegCure Pro <-- if found should be uninstalled
Vuze Remote Toolbar v11.3 <-- if found should be uninstalled

~~~~~~~~~~~~~~~

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below.

To do this, highlight the contents of the box, right click on it and select copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)

start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> DefaultScope {D8CAF3B5-325E-4A2E-8EA8-AF247108C717} URL =
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch...q={searchTerms}
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
C:\Users\Ben\AppData\Local\Temp\ose00000.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A4D014A8-92F3-45C5-83DF-08974F884C09}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{47CF15A4-175D-498A-AE51-463DA3BC077A}.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
EmptyTemp:
Hosts:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit.

Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it, so Malwarebytes Anti-Rootkit can start correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
On the introduction screen, please click the Next button to continue.
Next you will see the Update Database screen. Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates. When the update has finished, click on the Next button.
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked. Next click on the Cleanup button.
Malwarebytes Anti-Rootkit will then prompt you to reboot your computer. Click on the Yes button to restart your computer.
There will now be two log files created in the mbar folder, one called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run. For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

Please post:
Fixlog.txt
Junk Removal tool
MBAR log
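The cross-check Juliet does by eye above (a product that Security Center reports as disabled while its processes are still running, and more than one antivirus registered) can be scripted. This is an added example, not part of the original posts and not code from DDS or FRST; the function names and the install-folder matching rule are assumptions, and the input lines are copied from the logs posted in this thread.

```python
import re

# Lines copied from the DDS header and the FRST process list posted in this thread.
SECURITY_CENTER = r"""
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
"""

PROCESSES = r"""
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"""

# "AV: <name> *<state>* {<guid>}" as printed in the DDS header.
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{([0-9A-Fa-f-]+)\}\s*$")
# First executable path on a line; works for both DDS and FRST process lines.
EXE_RE = re.compile(r"[A-Za-z]:\\.+?\.exe", re.IGNORECASE)


def parse_products(text):
    """Return the registered security products as dicts."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, guid = m.groups()
            products.append({"kind": kind, "name": name, "state": state, "guid": guid})
    return products


def parse_process_paths(text):
    """Return the executable path found on each process line."""
    return [m.group(0) for m in map(EXE_RE.search, text.splitlines()) if m]


def _norm(s):
    # Folder names use "&" where Security Center prints "and".
    return re.sub(r"\s+", " ", s.lower().replace("&", "and")).strip()


def install_dirs(path):
    """Directory names below a 'Program Files' root (empty for system paths)."""
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if part.lower().startswith("program files"):
            return parts[i + 1:-1]
    return []


def processes_for(product_name, paths):
    """Heuristic (assumption): a process belongs to a product when one of its
    install folders equals the product name, is a leading word of it, or
    starts with it."""
    product = _norm(product_name)
    hits = set()
    for path in paths:
        for d in map(_norm, install_dirs(path)):
            if d and (product == d or product.startswith(d + " ") or d.startswith(product)):
                hits.add(path.split("\\")[-1])
                break
    return sorted(hits)


def review(sc_text, proc_text):
    """Flag disabled-but-running products and list every registered antivirus."""
    paths = parse_process_paths(proc_text)
    registered_av, disabled_but_running = [], {}
    for p in parse_products(sc_text):
        if p["kind"] == "AV" and p["name"] not in registered_av:
            registered_av.append(p["name"])
        if p["state"].lower().startswith("disabled"):
            running = processes_for(p["name"], paths)
            if running:
                disabled_but_running[p["name"]] = running
    return {"registered_av": registered_av, "disabled_but_running": disabled_but_running}


if __name__ == "__main__":
    report = review(SECURITY_CENTER, PROCESSES)
    print("Registered antivirus products:", report["registered_av"])
    for name, exes in report["disabled_but_running"].items():
        print(f"Reported disabled but still running: {name} -> {', '.join(exes)}")
```

The folder match is deliberately conservative: it ignores anything outside a Program Files root, so a system path such as C:\Windows\system32 is never attributed to Windows Defender.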
WsW-WYATT-EARP Posted June 8, 2015 Author

Juliet - No need to apologize for anything - hope you feel better soon! Thanks for taking a look at this.

The Ad-Aware was installed from the sticky in this section of the tools to use before posting any logs. I uninstalled Ad-Aware as of now. I couldn't find any traces of regcure pro and the vuze remote toolbar can't find the directory to uninstall.

FRST ran ok - log below
JRT ran ok - log below
MBAR did NOT run ok. It stopped scanning on a small jpg in my downloads - I stopped it, rebooted and restarted it. I also deleted the jpg it was stuck on (a file my wife sent from work when I designed some biz cards for her). This time it is stuck on a manual that I downloaded. It was stuck on this file for at least 2 hours now, I'm not sure how to proceed with that. I have no log.

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Ben at 2015-06-07 15:48:28 Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> DefaultScope {D8CAF3B5-325E-4A2E-8EA8-AF247108C717} URL =
SearchScopes: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch...q={searchTerms}
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1628508633-2882252568-2130994149-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
C:\Users\Ben\AppData\Local\Temp\ose00000.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{A4D014A8-92F3-45C5-83DF-08974F884C09}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{47CF15A4-175D-498A-AE51-463DA3BC077A}.exe <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}" => key removed successfully
HKCR\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKU\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
C:\Users\Ben\AppData\Local\Temp\ose00000.exe => moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 191.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 15:49:05 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.9 (06.06.2015:1)
OS: Windows 7 Ultimate x64
Ran by Ben on Sun 06/07/2015 at 15:53:29.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [service] yahooauservice
Successfully deleted: [service] yahooauservice

~~~ Tasks

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1628508633-2882252568-2130994149-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files
Failed to delete: [File] C:\Windows\system32\LavasoftTcpService64.dll
Failed to delete: [File] C:\Windows\syswow64\LavasoftTcpService.dll
Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Windows\system32\LavasoftTcpServiceOff.ini
Successfully deleted: [File] C:\Windows\syswow64\LavasoftTcpServiceOff.ini
Successfully deleted: [File] C:\Users\Ben\appdata\local\81da748dc58977149ba733cee7429743

~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\avg security toolbar
Successfully deleted: [Folder] C:\Users\Ben\appdata\local\pc_drivers_headquarters

~~~ FireFox
Successfully deleted: [File] C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\d6oiifor.default-1432603543830\searchplugins\securesearch.xml
Successfully deleted the following from C:\Users\Ben\AppData\Roaming\mozilla\firefox\profiles\d6oiifor.default-1432603543830\prefs.js
user_pref(browser.newtab.url, hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602);
user_pref(browser.search.defaultenginename, Ad-Aware SecureSearch);
user_pref(browser.search.selectedEngine, Ad-Aware SecureSearch);
user_pref(browser.startup.homepage, hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10140_cnet_150602);
user_pref(extensions.xpiState, {\app-global\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\d\:\C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/07/2015 at 15:57:18.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Juliet Posted June 8, 2015

I couldn't find any traces of RegCure Pro, and the Vuze Remote toolbar can't find the directory to uninstall. We'll check again.

Are you still having pop-ups?
WsW-WYATT-EARP Posted June 8, 2015

Morning Juliet,

The pop-up that was happening seems to have stopped. But it's still opening another tab in Firefox when I click anywhere on a page, even if it isn't a link. Usually the tab is pckeeper or some other fix-it page.
Juliet Posted June 8, 2015

Let's try the easy things first.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites
Backup Firefox Bookmarks
Backup Chrome Bookmarks

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Reset Firefox
Chrome: Chrome - Reset browser settings
WsW-WYATT-EARP Posted June 8, 2015

OK - I reset Firefox, and when I came back here I got extra tabs and a pop-up saying (an audio clip played it as well) to call some # to get virus removal instructions....

I don't use Chrome or Internet Explorer, but I can try IE if you want me to?

The Mbar was still hanging when I got home, trying to close - I had to go through Task Manager to end it.
Juliet Posted June 8, 2015

Could be antivirus was interfering.

Please download aswMBR (511KB) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Important! Please do not perform any fix options offered in aswMBR

~~~~~~~~~~~~~~~~~~~~

Let's see if we can get ComboFix to run.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here: Link 1 Link 2 Link 3

Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

---------------------------------------------------------------------------------------------

If there are Internet issues after running ComboFix:

Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

Chrome: Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

Safari:
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
WsW-WYATT-EARP Posted June 8, 2015

Both scans ran ok - Logs below

I couldn't get spybot S&D to stop and combofix ran anyways - I thought I disabled everything. I can uninstall it if you want? I tried to search how to disable it after the 1st warning came up but firefox won't allow me to search anything.

When I say I can click anywhere on a page and a tab opens up - I mean anywhere, can be blank area or a link or anything.
Juliet Posted June 9, 2015

I still see bits and pieces of Lavasoft on there but no big deal, we can get those off later.

Show all files and folders
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Please go to one of the below sites to scan the following files:

- Virus Total (Recommended)
- jotti.org
- VirScan

Click on Browse, and upload the following file for analysis:

C:\windows\SysWOW64\drivers\AGP440.SYS

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.
WsW-WYATT-EARP Posted June 9, 2015 Author

https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1433809802/
WsW-WYATT-EARP Posted June 9, 2015 Author

According to the details in explorer - this file has 0 bytes
Juliet Posted June 9, 2015

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
Juliet Posted June 9, 2015

"According to the details in explorer - this file has 0 bytes"

I know
http://www.systemlookup.com/Drivers/139-agp440_sys.html

we can't go in there and just delete it out either.
WsW-WYATT-EARP Posted June 9, 2015 Author

eset results

C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Ben\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll Win32/Toolbar.Conduit.AQ potentially unwanted application
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll Win32/Toolbar.Conduit.AQ potentially unwanted application
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
H:\Users\ben\AppData\Local\Temp\Stub.EXE a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe multiple threats
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll a variant of Win32/Complitly.A potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe a variant of Win32/PredictAd.A potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll a variant of Win64/Complitly.A potentially unwanted application
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe a variant of Win32/PredictAd.A potentially unwanted application
Juliet Posted June 9, 2015

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe
C:\Users\Ben\Downloads\ccsetup505.exe
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe
H:\Users\ben\AppData\Local\Temp\Stub.EXE
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

How are things now?
WsW-WYATT-EARP Posted June 9, 2015 Author

fix ran ok - no change with tab and popup - a lot of the popups are java installs - I don't do them but that is a lot of them. Just trying to give info

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Ben at 2015-06-09 18:07:19 Run:2
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben & UpdatusUser (Available Profiles: Ben & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe
C:\Users\Ben\Downloads\ccsetup505.exe
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe
H:\Users\ben\AppData\Local\Temp\Stub.EXE
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Ben\Downloads\Avery Wizard 5.0_20140331.exe => moved successfully.
C:\Users\Ben\Downloads\ccsetup505.exe => moved successfully.
H:\Program Files (x86)\Conduit\Community Alerts\Alert.dll => moved successfully.
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll => moved successfully.
H:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe => moved successfully.
H:\Program Files (x86)\ConduitEngine\ldrConduitEngin.dll => moved successfully.
H:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll => moved successfully.
H:\Program Files (x86)\Imagenomic\Noiseware Professional Plug-in\patch.exe => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\ldrtbvsha.dll => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\tbvsha.dll => moved successfully.
H:\Program Files (x86)\vshare.tv_Bar\vshare.tv_BarToolbarHelper.exe => moved successfully.
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll => moved successfully.
H:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll => moved successfully.
H:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll => moved successfully.
H:\Users\ben\AppData\Local\Conduit\CT2818425\vshare.tv_BarAutoUpdateHelper.exe => moved successfully.
H:\Users\ben\AppData\Local\Temp\Stub.EXE => moved successfully.
H:\Users\ben\AppData\Local\Temp\YontooIEClient.dll => moved successfully.
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe => moved successfully.
H:\Users\ben\AppData\LocalLow\ConduitEngine\ConduitEngin.dll => moved successfully.
H:\Users\ben\AppData\LocalLow\ConduitEngine\ldrConduitEngin.dll => moved successfully.
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\ldrtbvsha.dll => moved successfully.
H:\Users\ben\AppData\LocalLow\vshare.tv_Bar\tbvsha.dll => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\Complitly.dll => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\KeepMeUpdated.exe => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\64\Complitly64.dll => moved successfully.
H:\Users\ben\AppData\Roaming\Complitly\64\KeepMeUpdated.exe => moved successfully.
EmptyTemp: => 217.6 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 18:07:35 ====
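A Fixlog like the one above can be checked mechanically against the scanner export the fixlist was built from. The following is an added example, not part of the thread and not code from FRST or ESET: the regular expressions are assumptions based on the log lines shown in this thread, the function names are hypothetical, and the sample Fixlog is constructed (one failure and one omission are made up to exercise the checks).

```python
import re
from collections import Counter

# Four records copied from the ESET export in this thread, one per line
# (the forum paste lost the line breaks).
ESET_EXPORT = r"""
C:\Users\Ben\Downloads\ccsetup505.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
H:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
H:\Users\ben\AppData\Local\Temp\YontooSetup-Silent.exe multiple threats
"""

# Constructed sample in the Fixlog "path => result" format. The last ESET
# record is deliberately absent and one result is a made-up failure string.
FIXLOG = r"""
Restore point was successfully created.
C:\Users\Ben\Downloads\ccsetup505.exe => moved successfully.
H:\Program Files (x86)\ConduitEngine\ConduitEngin.dll => moved successfully.
h:\program files (x86)\yontoo layers runtime\YontooIEClient.dll => could not be moved (constructed)
EmptyTemp: => 217.6 MB temporary data Removed.
"""

# Assumed record layout: <path> <detection name> [<classification>].
# Paths contain spaces, so the path is matched lazily up to the detection name.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:a variant of )?Win(?:32|64)/\S+|multiple threats)"
    r"(?:\s+(?P<kind>.+))?$"
)
# Only lines that start with a drive path are file results; directive lines
# such as "EmptyTemp: => ..." are skipped.
FIX_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<result>.+)$")


def parse_eset(text):
    """Return one dict per detection: path, detection name, classification."""
    records = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            records.append({
                "path": m["path"],
                "name": m["name"],
                "kind": m["kind"] or "unclassified",
            })
    return records


def parse_fixlog(text):
    """Map lower-cased path -> result text (Windows paths are case-insensitive)."""
    results = {}
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            results[m["path"].lower()] = m["result"]
    return results


def reconcile(detections, fix_results):
    """Split detections into moved, failed, and never mentioned in the Fixlog."""
    moved, failed, not_listed = [], [], []
    for det in detections:
        result = fix_results.get(det["path"].lower())
        if result is None:
            not_listed.append(det["path"])
        elif result.startswith("moved successfully"):
            moved.append(det["path"])
        else:
            failed.append((det["path"], result))
    return moved, failed, not_listed


def by_volume(detections):
    """Count detections per drive letter, to see which volume they sit on."""
    return Counter(det["path"][:2].upper() for det in detections)


if __name__ == "__main__":
    dets = parse_eset(ESET_EXPORT)
    moved, failed, not_listed = reconcile(dets, parse_fixlog(FIXLOG))
    print("moved:", len(moved))
    print("failed:", failed)
    print("not in Fixlog:", not_listed)
    print("per volume:", dict(by_volume(dets)))
```

Run over the full export and Fixlog from this thread, every detection reconciles as moved, which fits the poster's report that the symptoms did not change: the fix removed what the scanner flagged, so the cause has to be looked for elsewhere.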
WsW-WYATT-EARP Posted June 9, 2015 Author

also - the right click menu is very strange ..... very long with way more options than normal.
Juliet Posted June 9, 2015

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

Let's reset browsers once again.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

- Backup Internet Explorer Favourites
- Backup Firefox Bookmarks
- Backup Chrome Bookmarks

Proceed with the reset once done.

- Internet Explorer: How to reset Internet Explorer settings
- Firefox: Reset Firefox
- Chrome: Chrome - Reset browser settings

~~~~~~~~~~~~~~~~~~

Delete the version of AdwCleaner you have and we will download an updated one.

AdwCleaner

- Please download AdwCleaner and save the file to your Desktop.
- Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
- Follow the prompts.
- Click Scan.
- Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
- Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
- Follow the prompts and allow your computer to reboot.
- After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~

Let's update and run a scan with Malwarebytes Anti-Malware

- Click on Update Now to download the current database definitions, then click the Scan Now >> button.
- If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
- You will be prompted to update Malwarebytes...click on the Update Now button.
- The THREAT SCAN will automatically begin.
- When the scan has completed, the results will be displayed.
- Click on Quarantine All, then click on Apply Actions.
- To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
- After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

- Open Malwarebytes Anti-Malware.
- Click the History Tab at the top and select Application Logs.
- Select (check) the box next to Scan Log. Choose the most current scan.
- Click the View button.
- Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
- Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

~~~~~~~~~~~~~~~~~~~~~~

- Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
- Click Yes to the disclaimer.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can redownload Java from here.
http://java.com/en/download/index.jsp
Juliet Posted June 10, 2015

"the right click menu is very strange"

Is this only with Firefox?

https://support.mozilla.org/en-US/questions/956675
https://support.mozilla.org/en-US/questions/958458

If it works in Safe Mode and in normal mode with all extensions (Tools > Add-ons > Extensions) disabled then try to find which extension is causing it by enabling one extension at a time until the problem reappears.
WsW-WYATT-EARP Posted June 10, 2015 Author

I only use firefox - I don't know if it's happening elsewhere
WsW-WYATT-EARP Posted June 10, 2015 Author

So far I have uninstalled the only java install and ran adwcleaner

Things still the same so far

adwcleaner log -
Juliet Posted June 10, 2015

Post these when you can

FRST.txt & Addition.txt
and MBAM

I've got to call it a night.
WsW-WYATT-EARP Posted June 10, 2015 Author

MBAM came up clean

FRST logs below
Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cabHandler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.27.4FireFox:========FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vl5k80lm.default-1433896162709FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-06] (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! 
Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2012-12-02] ( )FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1628508633-2882252568-2130994149-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)==================== Services (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-07-22] (Macrovision Europe Ltd.) [File not signed]R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2751816 2015-05-25] (Lavasoft Limited)R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2012-06-27] (Hewlett-Packard Company) [File not signed]S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )R2 lxdn_device; C:\Windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-09-05] (Nalpeiron Ltd.) 
[File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe [186760 2010-12-14] ()R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_537d28af6b71ae43\STacSV64.exe [268288 2009-03-12] (IDT, Inc.)S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-27] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253920 2015-05-07] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [220128 2015-05-07] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-05-04] (AVG Technologies CZ, s.r.o.)R0 KSecDD; C:\Windows\SysWOW64\Drivers\ksecdd.sys [0 2013-02-21] () <==== ATTENTION (zero byte File/Folder)S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-07] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [27648 2014-12-12] (LG Electronics Inc.)S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [30208 2014-12-12] (LG Electronics Inc.)S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2014-12-12] (LG Electronics Inc.)S3 catchme; 
\??\C:\ComboFix\catchme.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]S3 vzandnetadb; System32\Drivers\lgvzandnetadb.sys [X]S3 vzandnetndis; system32\DRIVERS\lgvzandnetndis64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-06-09 21:04 - 2015-06-09 21:05 - 00017860 _____ C:\Users\Ben\Desktop\FRST.txt2015-06-09 19:36 - 2015-06-09 19:42 - 00000000 ____D C:\AdwCleaner2015-06-09 19:35 - 2015-06-09 19:35 - 02231296 _____ C:\Users\Ben\Desktop\AdwCleaner.exe2015-06-08 22:09 - 2015-06-08 22:09 - 00000000 ____D C:\Program Files (x86)\ESET2015-06-08 22:08 - 2015-06-08 22:09 - 02870984 _____ (ESET) C:\Users\Ben\Downloads\esetsmartinstaller_enu.exe2015-06-08 18:47 - 2015-06-08 18:47 - 00025745 _____ C:\ComboFix.txt2015-06-08 18:33 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe2015-06-08 18:33 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe2015-06-08 18:33 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2015-06-08 18:33 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2015-06-08 18:33 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2015-06-08 18:33 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe2015-06-08 18:33 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe2015-06-08 18:33 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe2015-06-08 18:28 - 2015-06-08 18:47 - 00000000 ____D C:\Qoobox2015-06-08 18:28 - 2015-06-08 18:45 - 00000000 ____D C:\Windows\erdnt2015-06-08 18:25 - 2015-06-08 18:26 - 05628238 ____R (Swearware) C:\Users\Ben\Desktop\ComboFix.exe2015-06-08 18:25 - 2015-06-08 18:25 - 00000512 _____ 
C:\Users\Ben\Desktop\MBR.dat2015-06-08 18:10 - 2015-06-08 18:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-06-08 17:55 - 2015-06-08 17:55 - 05198336 _____ (AVAST Software) C:\Users\Ben\Desktop\aswMBR.exe2015-06-07 16:03 - 2015-06-07 17:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2015-06-07 16:02 - 2015-06-07 16:02 - 00000000 ____D C:\Users\Ben\Desktop\mbar-1.09.1.10042015-06-07 16:01 - 2015-06-07 16:01 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Ben\Desktop\mbar-1.09.1.1004.exe2015-06-07 15:53 - 2015-06-07 15:53 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BEN-PC-Windows-7-Ultimate-(64-bit).dat2015-06-07 15:53 - 2015-06-07 15:53 - 00000000 ____D C:\RegBackup2015-06-07 15:52 - 2015-06-07 15:52 - 02942406 _____ (Thisisu) C:\Users\Ben\Desktop\JRT.exe2015-06-06 18:52 - 2015-06-06 18:52 - 00000000 ____D C:\Users\Ben\AppData\Local\GWX2015-06-05 19:48 - 2015-06-09 21:04 - 00000000 ____D C:\FRST2015-06-05 19:46 - 2015-06-05 19:46 - 02108928 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe2015-06-05 19:46 - 2015-06-05 19:46 - 00688992 _____ (Swearware) C:\Users\Ben\Downloads\dds.com2015-06-05 05:09 - 2015-05-22 13:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-06-05 05:09 - 2015-05-22 13:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-06-05 05:09 - 2015-05-22 13:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-06-05 05:09 - 2015-05-22 13:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-06-05 05:09 - 2015-05-22 13:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-06-05 05:09 - 2015-05-22 13:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-06-05 05:09 - 2015-05-22 13:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-06-05 05:09 - 2015-05-21 08:19 - 00193536 _____ (Microsoft Corporation) 
C:\Windows\system32\aepic.dll2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2015-06-03 20:39 - 2015-06-03 20:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2015-06-03 20:38 - 2015-06-03 20:38 - 22064896 _____ (SUPERAntiSpyware) C:\Users\Ben\Downloads\SUPERAntiSpyware.exe2015-06-02 20:34 - 2015-06-02 20:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2015-06-02 20:33 - 2015-06-03 20:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2015-06-02 20:33 - 2015-06-02 20:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22015-06-02 20:33 - 2015-06-02 20:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ben\Downloads\spybot-2.4.exe2015-06-02 20:33 - 2015-06-02 20:33 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2015-06-02 20:33 - 2015-06-02 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22015-06-02 20:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2015-06-02 09:38 - 2015-06-02 09:38 - 00000000 ____D C:\Users\Ben\AppData\Local\Avg2015-06-01 19:55 - 2015-06-07 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft2015-06-01 19:55 - 2015-06-01 19:55 - 00000000 ____D C:\Users\Ben\AppData\Roaming\LavasoftStatistics2015-06-01 19:55 - 2015-06-01 19:55 - 00000000 ____D C:\Users\Ben\AppData\Local\Lavasoft2015-06-01 19:55 - 2015-06-01 19:55 - 00000000 ____D C:\Program Files (x86)\Lavasoft2015-06-01 19:55 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll2015-06-01 19:55 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) 
C:\Windows\SysWOW64\LavasoftTcpService.dll2015-06-01 19:53 - 2015-06-07 15:43 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Lavasoft2015-06-01 19:53 - 2015-06-07 15:43 - 00000000 ____D C:\ProgramData\Lavasoft2015-06-01 19:53 - 2015-06-01 19:53 - 02057008 _____ C:\Users\Ben\Downloads\Adaware_Installer.exe2015-05-25 20:25 - 2015-06-09 19:29 - 00000000 ____D C:\Users\Ben\Desktop\Old Firefox Data2015-05-25 20:21 - 2015-06-09 19:44 - 00000504 _____ C:\Windows\setupact.log2015-05-25 20:21 - 2015-06-08 18:43 - 00001884 _____ C:\Windows\PFRO.log2015-05-25 20:21 - 2015-05-25 20:21 - 00000000 _____ C:\Windows\setuperr.log2015-05-25 20:20 - 2015-05-25 20:20 - 00190972 _____ C:\Users\Ben\Documents\cc_20150525_202000.reg2015-05-25 20:15 - 2015-05-25 20:15 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC2015-05-25 20:15 - 2015-05-25 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2015-05-25 20:15 - 2015-05-25 20:15 - 00000000 ____D C:\Program Files\CCleaner2015-05-25 18:34 - 2015-06-09 19:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-05-25 18:34 - 2015-06-07 16:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D C:\ProgramData\Malwarebytes2015-05-25 18:34 - 2015-05-25 18:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-25 18:34 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-05-25 18:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-05-25 18:33 - 2015-05-25 18:33 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ben\Downloads\mbam-setup-2.1.6.1022.exe2015-05-25 10:07 - 2015-05-25 10:07 - 06870552 _____ (ParetoLogic, Inc.) 
C:\Users\Ben\Downloads\RegCureProSetup_f9decd8_.exe2015-05-25 10:04 - 2015-05-25 10:04 - 00000000 _____ C:\autoexec.bat2015-05-25 10:01 - 2015-05-25 10:02 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ben\Downloads\SpyHunter-Installer.exe2015-05-25 09:41 - 2015-05-25 09:41 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files2015-05-19 20:09 - 2015-05-19 20:09 - 00716896 _____ (Kaspersky Lab) C:\Users\Ben\Downloads\setup.exe2015-05-13 01:02 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-05-13 01:02 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-05-12 21:55 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-05-12 21:55 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-05-12 21:55 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-05-12 21:55 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-05-12 21:55 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-05-12 21:55 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-05-12 21:55 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-05-12 21:55 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll2015-05-12 21:55 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00728064 _____ (Microsoft 
Corporation) C:\Windows\system32\kerberos.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-05-12 21:55 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-05-12 
21:55 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2015-05-12 21:55 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe2015-05-12 21:55 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-05-12 21:55 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-05-12 21:55 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-05-12 21:55 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-05-12 21:55 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-05-12 21:55 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-05-12 
21:55 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-05-12 21:55 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-05-12 21:55 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2015-05-12 21:55 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-05-12 21:55 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe2015-05-12 21:55 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe2015-05-12 21:55 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe2015-05-12 21:55 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe2015-05-12 21:55 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-05-12 21:55 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-05-12 21:55 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-05-12 21:55 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-05-12 21:55 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-05-12 21:55 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-05-12 21:55 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe2015-05-12 21:55 - 2015-04-27 14:03 - 00005120 _____ 
WsW-WYATT-EARP (Author) Posted June 10, 2015 (edited)

Is this only with Firefox?

https://support.mozilla.org/en-US/questions/956675
https://support.mozilla.org/en-US/questions/958458

If it works in Safe Mode and in normal mode with all extensions (Tools > Add-ons > Extensions) disabled, then try to find which extension is causing it by enabling one extension at a time until the problem reappears.

I show no extensions are installed or enabled - I tried safe mode and same results. I could uninstall completely and reinstall Firefox? I haven't tried IE to see if it too has issues.

https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Edited June 10, 2015 by WsW-WYATT-EARP