In-laws' PC is running very slow and redirecting links


BigDog43

I'm trying to get my in-laws' PC running smoothly as they are complaining about it being very slow. I ran Spybot S&D and that seemed to help a lot, but I'm noticing hijacked links now, etc. Ad-Aware didn't find anything after Spybot. I also notice the WildTangent program is present; not sure if that's a problem or not. They're running Windows 10 on a 64-bit machine. Thank you in advance for your help.

Here are my DDS and FRST logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by Debbie at 11:51:10 on 2015-11-27
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.7622.4183 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\Av\avgrsa.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\loggingserver.exe
svchost.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.9.0.231\AVG SafeGuard toolbar_toolbar.dll
uRun: [HP Officejet 4630 series (NET)] "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN42A3B0PG05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
uRun: [OneDrive] "C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [spybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [YouCam Service] "c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avgui.exe" /TRAYONLY
mRun: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2b774eeb-f7ca-44b5-96a8-0de5b08a8bca} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{81629b87-1904-48cd-b429-c8a035eadd82} : DHCPNameServer = 192.168.1.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.9.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.9.0.231\AVG SafeGuard toolbar_toolbar.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
x64-Run: [simplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui
x64-Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
x64-Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\WINDOWS\System32\drivers\amd_sata.sys [2013-3-31 80552]
R0 amd_xata;amd_xata;C:\WINDOWS\System32\drivers\amd_xata.sys [2013-3-31 26280]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-5-22 36096]
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\drivers\avgidsha.sys [2015-5-26 298416]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\drivers\avgloga.sys [2015-8-14 398256]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\drivers\avgmfx64.sys [2015-10-21 255408]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\drivers\avgrkx64.sys [2014-6-17 42416]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-27 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 Avgdiska;AVG Disk Driver;C:\WINDOWS\System32\drivers\avgdiska.sys [2015-8-10 197040]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\drivers\avgidsdrivera.sys [2014-7-21 313776]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\drivers\avgldx64.sys [2015-10-21 284080]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\drivers\avgwfpa.sys [2015-10-8 306608]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2013-11-12 91712]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2015-6-24 117168]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-8-1 264224]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2015-10-30 3815648]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2015-11-12 1046952]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2015-10-30 579776]
R2 Cachedrv server; HP SimplePass Cachedrv Service;C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [2013-9-26 109568]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-8-31 2797752]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 176624]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-11-12 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-11-12 298760]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-4-24 227904]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe [2015-11-19 712432]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-6-24 312064]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-11-27 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-11-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-11-27 171928]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2015-11-23 4378024]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 vToolbarUpdater18.9.0;vToolbarUpdater18.9.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [2015-9-30 1862032]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\WINDOWS\System32\drivers\clwvd.sys [2013-11-12 41408]
R3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-5 310528]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-11-12 830680]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2015-10-14 31144]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
RUnknown mfencbdc;mfencbdc; [x]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\drivers\avgboota.sys [2015-9-9 23152]
S2 0136351448644757mcinstcleanup;McAfee Application Installer Cleanup (0136351448644757);C:\Users\Debbie\AppData\Local\Temp\013635~1.EXE -cleanup -nolog --> C:\Users\Debbie\AppData\Local\Temp\013635~1.EXE -cleanup -nolog [?]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\WINDOWS\System32\mfevtps.exe" --> C:\WINDOWS\System32\mfevtps.exe [?]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2015-10-30 595376]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-1 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft ® Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-27 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-27 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-27 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-27 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-27 685568]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-7-10 214016]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
S4 mfefire;McAfee Firewall Core Service;"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" --> C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [?]
SUnknown HomeNetSvc;HomeNetSvc; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2015-11-27 17:12:18 -------- d-----w- C:\Users\Debbie\AppData\Roaming\LavasoftStatistics
2015-11-27 17:11:19 -------- d-----w- C:\Program Files\Lavasoft
2015-11-27 17:09:40 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2015-11-27 17:05:05 16148 ----a-w- C:\WINDOWS\System32\OFFICE_Debbie_HistoryPrediction.bin
2015-11-27 15:18:38 21040 ----a-w- C:\WINDOWS\System32\sdnclean64.exe
2015-11-27 15:18:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-11-27 15:18:11 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-27 15:17:38 -------- d-----w- C:\Users\Debbie\AppData\Local\Programs
2015-11-24 14:57:42 37288 ----a-w- C:\WINDOWS\System32\authuitu.dll
2015-11-24 14:57:42 32680 ----a-w- C:\WINDOWS\SysWow64\authuitu.dll
2015-11-24 14:57:40 48552 ----a-w- C:\WINDOWS\System32\uxtuneup.dll
2015-11-24 14:57:40 42408 ----a-w- C:\WINDOWS\SysWow64\uxtuneup.dll
2015-11-24 00:05:33 -------- d-----w- C:\Program Files\iPod
2015-11-24 00:05:33 -------- d-----w- C:\Program Files (x86)\iTunes
2015-11-24 00:05:31 -------- d-----w- C:\Program Files\iTunes
2015-11-04 09:32:33 -------- d-----w- C:\ProgramData\Avg_Update_1015av
2015-10-30 04:39:03 46504 ----a-w- C:\WINDOWS\System32\TURegOpt.exe
.
==================== Find3M ====================
.
2015-11-27 17:01:59 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2015-11-05 05:15:45 8020832 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-11-05 05:15:43 541024 ----a-w- C:\WINDOWS\System32\mcupdate_GenuineIntel.dll
2015-11-05 05:14:21 459104 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2015-11-05 05:13:31 577888 ----a-w- C:\WINDOWS\System32\drivers\afd.sys
2015-11-05 05:11:46 1392480 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-11-05 05:06:10 966416 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2015-11-05 05:01:05 607408 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-11-05 04:56:48 1083072 ----a-w- C:\WINDOWS\System32\appraiser.dll
2015-11-05 04:56:44 25280 ----a-w- C:\WINDOWS\System32\CompatTelRunner.exe
2015-11-05 04:56:39 116064 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2015-11-05 04:30:20 961376 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-11-05 04:23:42 76800 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2015-11-05 04:23:32 762888 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2015-11-05 04:20:43 21873664 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-11-05 04:18:37 3248128 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-11-05 04:18:34 539728 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-11-05 04:17:35 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-11-05 04:12:31 515072 ----a-w- C:\WINDOWS\System32\internetmail.dll
2015-11-05 04:11:30 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2015-11-05 04:10:48 2987520 ----a-w- C:\WINDOWS\System32\esent.dll
2015-11-05 04:07:02 1068032 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-11-05 04:06:41 453120 ----a-w- C:\WINDOWS\System32\Windows.Devices.Usb.dll
2015-11-05 04:03:52 2180608 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-11-05 04:03:49 1015808 ----a-w- C:\WINDOWS\System32\RDXService.dll
2015-11-05 04:01:52 949760 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-11-05 04:01:41 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-11-05 04:01:38 713216 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-11-05 03:59:20 3587072 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-11-05 03:59:13 2675200 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2015-11-05 03:58:50 627712 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-11-05 03:58:36 1383936 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-11-05 03:58:02 48128 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-11-05 03:56:30 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-11-05 03:55:55 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2015-11-05 03:54:44 502272 ----a-w- C:\WINDOWS\System32\dlnashext.dll
2015-11-05 03:42:23 2647040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-11-05 03:40:41 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-11-05 03:35:47 18803712 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-11-05 03:35:04 2639872 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2015-11-05 03:34:45 311296 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
2015-11-05 03:30:03 767488 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll
2015-11-05 03:27:12 464896 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-11-05 03:27:12 2049536 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2015-11-05 03:26:33 457728 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-11-05 03:23:15 441344 ----a-w- C:\WINDOWS\SysWow64\dlnashext.dll
2015-11-03 18:20:11 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-11-03 18:20:11 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-10-21 22:16:48 284080 ----a-w- C:\WINDOWS\System32\drivers\avgldx64.sys
2015-10-21 22:15:02 255408 ----a-w- C:\WINDOWS\System32\drivers\avgmfx64.sys
2015-10-19 14:03:24 313776 ----a-w- C:\WINDOWS\System32\drivers\avgidsdrivera.sys
2015-10-10 07:12:02 78528 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-10-08 13:46:44 306608 ----a-w- C:\WINDOWS\System32\drivers\avgwfpa.sys
2015-10-06 03:03:57 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-10-06 02:46:57 13027840 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-10-01 04:01:10 858408 ----a-w- C:\WINDOWS\System32\winresume.exe
2015-10-01 04:01:10 1018568 ----a-w- C:\WINDOWS\System32\winresume.efi
2015-10-01 04:01:03 1294352 ----a-w- C:\WINDOWS\System32\winload.efi
2015-10-01 04:01:03 1123400 ----a-w- C:\WINDOWS\System32\winload.exe
2015-10-01 03:03:36 757760 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-09-25 04:01:54 2573768 ----a-w- C:\WINDOWS\System32\msxml6.dll
2015-09-25 04:01:05 498016 ----a-w- C:\WINDOWS\System32\drivers\usbhub.sys
2015-09-25 03:52:05 980832 ----a-w- C:\WINDOWS\System32\SecConfig.efi
2015-09-25 03:33:37 1997336 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2015-09-25 03:11:52 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 03:11:49 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 03:07:38 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-25 03:04:12 771072 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2015-09-25 03:03:53 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-09-25 03:03:35 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-25 03:02:56 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-25 03:02:35 7523840 ----a-w- C:\WINDOWS\System32\Chakra.dll
2015-09-25 03:01:26 4792320 ----a-w- C:\WINDOWS\System32\jscript9.dll
2015-09-25 03:00:50 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-25 03:00:07 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-25 03:00:05 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-25 02:59:54 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-25 02:59:48 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-25 02:59:48 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-25 02:59:38 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-25 02:59:31 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-25 02:59:04 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-25 02:58:37 1871360 ----a-w- C:\WINDOWS\System32\msxml3.dll
2015-09-25 02:47:16 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-25 02:47:16 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-25 02:38:45 574464 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2015-09-25 02:38:40 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-09-25 02:38:19 3580416 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2015-09-25 02:37:35 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-25 02:37:09 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-25 02:36:04 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2015-09-25 02:34:21 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-25 02:34:19 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-25 02:34:07 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-25 02:34:03 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-25 02:34:00 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-25 02:33:44 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
2015-09-25 02:32:49 466432 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2015-09-25 02:32:35 1594368 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2015-09-19 05:14:37 102304 ----a-w- C:\WINDOWS\System32\omadmapi.dll
.
============= FINISH: 11:52:27.88 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2015 9:13:12 PM
System Uptime: 11/27/2015 11:02:11 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 2B0B
Processor: AMD A6-5200 APU with Radeon HD Graphics | P0 | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 836.356 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.877 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP23: 11/8/2015 12:49:52 PM - Windows Update
RP24: 11/13/2015 12:03:44 PM - Windows Update
RP25: 11/16/2015 11:12:49 PM - Windows Update
RP26: 11/20/2015 12:47:32 PM - Windows Update
RP27: 11/23/2015 6:06:40 PM - Windows Update
RP28: 11/27/2015 8:28:59 AM - Windows Update
.
==== Installed Programs ======================
.
4 Elements II
7-Zip 9.20 (x64 edition)
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Air Control Simulator
Airport Mania
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AntimalwareEngine
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
AVG
AVG 2016
AVG PC TuneUp
AVG Protection
AVG SafeGuard toolbar
Azkend 2: The World Beneath
Bejeweled 3
Bonjour
Bounce Symphony
Build-a-lot
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Coupon Printer for Windows
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
Curse at Twilight
CyberLink LabelPrint
CyberLink Media Suite 10
Cyberlink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 12
CyberLink YouCam
D3DX10
Delicious: Emily's Childhood Memories Premium Edition
Energy Star
Farm Frenzy
Fishdom 3: Collector's Edition
FMW 1
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.2.3
House of 1000 Doors: Family Secrets
HP Connected Music (Meridian - installer)
HP Connected Music (Meridian - player)
HP Customer Experience Enhancements
HP Documentation
HP Officejet 4630 series Basic Device Software
HP Officejet 4630 series Help
HP PC Hardware Diagnostics UEFI
HP Photo Creations
HP Postscript Converter
HP Registration Service
HP SimplePass
HP Support Assistant
HP Support Information
HP Update
I.R.I.S. OCR
Inst5675
Inst5676
iTunes
Jewel Match 3
John Deere Drive Green
King Oddball
Luxor Evolved
Mahjongg Dimensions Deluxe
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Peggle Nights
Penguins!
Photo Common
Photo Gallery
Pinger
Plants vs. Zombies - Game of the Year
Polar Bowler
Product Improvement Study for HP Officejet 4630 series
Qualcomm Atheros Driver Installation Program
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recovery Manager
Roads of Rome 3
Search Protect
Spybot - Search & Destroy
Tales of Lagoona
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wlaiper
TurboTax 2014 wrapper
TurboTax 2014 wtniper
Update for Microsoft en-us Dictionary
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Jewel Shop
.
==== Event Viewer Messages From Past Week ========
.
11/27/2015 8:31:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070490: HP - Enterprise WSD Multi-Function Printer, Other hardware - Null Fax - HP Officejet 4630 series.
11/27/2015 8:18:13 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXwmnqm0nvq2b90pwvr42qmtdjp7cj3w82.mca
11/27/2015 11:09:46 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user Office\Debbie SID (S-1-5-21-3798676491-4103397498-3035539754-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.
11/27/2015 11:06:24 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/27/2015 11:03:51 AM, Error: Service Control Manager [7000] - The McAfee Inc. mfeapfk service failed to start due to the following error: The specified service does not exist.
11/27/2015 11:01:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.
11/27/2015 11:01:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
11/27/2015 11:01:33 AM, Error: Service Control Manager [7031] - The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/27/2015 11:01:33 AM, Error: Service Control Manager [7031] - The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/27/2015 11:01:33 AM, Error: Service Control Manager [7031] - The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/27/2015 11:01:33 AM, Error: Service Control Manager [7031] - The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/26/2015 3:24:18 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).
11/26/2015 12:10:13 AM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2015 1:37:45 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume Windows. A corruption was found in a file system index structure. The file reference number is 0x75000000040c8a. The name of the file is "\Windows". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
11/26/2015 1:23:33 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
11/25/2015 9:38:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVGIDSAgent service.
11/24/2015 8:57:41 AM, Error: Service Control Manager [7000] - The AVG Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
11/24/2015 7:03:41 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 5 time(s).
11/24/2015 3:03:16 PM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 4 time(s).
11/24/2015 11:02:11 AM, Error: Service Control Manager [7034] - The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 3 time(s).
11/23/2015 6:36:41 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume Windows. A corruption was found in a file system index structure. The file reference number is 0x5d000000040a06. The name of the file is "\Users". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
11/23/2015 5:50:26 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
11/23/2015 5:49:50 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: CortanaUI.AppXy9c4md1kd3008khwtxgavrvhg9yjpjzw.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
11/23/2015 5:49:40 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: CortanaUI.AppX711wbbqg58k5e6x44f02q8a6ngaz9f50.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
11/23/2015 5:49:28 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: CortanaUI.AppX8z5q44mt1b9k6x2nkjj0bkr2e1ac0dxy.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
11/23/2015 5:49:17 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: CortanaUI.AppX4vfn8fnmy7kc57mn70m37a71b7zc9r0n.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
11/23/2015 5:44:59 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
.
==== End Of File ===========================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-11-2015
Ran by Debbie (administrator) on OFFICE (27-11-2015 11:57:22)
Running from C:\Users\Debbie\Downloads
Loaded Profiles: Debbie (Available Profiles: Debbie)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.662.8718\AdAwareTray.exe [9574112 2015-11-19] ()
HKLM-x32\...\Run: [YouCam Service] => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2569616 2015-10-29] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3798676491-4103397498-3035539754-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-3798676491-4103397498-3035539754-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Debbie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-02] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2b774eeb-f7ca-44b5-96a8-0de5b08a8bca}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{81629b87-1904-48cd-b429-c8a035eadd82}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3798676491-4103397498-3035539754-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={05342500-0513-41FE-9E12-4F582011E61B}&mid=185fe79a2ef447d2a1e4151d02d2001a-09da41995b325ff946ecd257837bca0234ee0cde&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 10:34:56&v=18.9.0.231&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={05342500-0513-41FE-9E12-4F582011E61B}&mid=185fe79a2ef447d2a1e4151d02d2001a-09da41995b325ff946ecd257837bca0234ee0cde&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 10:34:56&v=18.9.0.231&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3798676491-4103397498

Edited by BigDog43
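The triage a helper does by eye on logs like the ones above can be sketched in Python, as an added example that is not part of the original posts and is not code from DDS or FRST. It reads the Security Center header lines to spot overlapping antivirus products and picks out FRST entries marked `[X]`, `No File` or `<==== ATTENTION`. The function names, the treatment of Windows Defender as built in, and the reading of `[X]` / `No File` as "target file missing" are assumptions; the sample lines are excerpted from this thread's logs.

```python
import re

# Security Center lines excerpted from the DDS header posted in this thread.
DDS_HEADER = r"""
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
""".strip().splitlines()

# Registry and task lines excerpted from the FRST output quoted in this thread.
FRST_LINES = r"""
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
Task: {289A41D9-94AE-47B5-BC27-C695083B08DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
""".strip().splitlines()

# "<kind>: <product> *<state>[/<definitions>]* {GUID}"
SC_RE = re.compile(
    r"^(AV|SP|FW): (.+?) \*([A-Za-z]+)(?:/([A-Za-z]+))?\* (\{[0-9A-Fa-f-]+\})$"
)

# Assumption: Defender ships with Windows, so it is not counted as an extra install.
BUILT_IN = {"Windows Defender"}


def parse_security_center(lines):
    """Turn AV:/SP:/FW: header lines into dicts; lines in other formats are skipped."""
    entries = []
    for line in lines:
        m = SC_RE.match(line.strip())
        if m:
            kind, product, state, definitions, guid = m.groups()
            entries.append({"kind": kind, "product": product, "state": state,
                            "definitions": definitions, "guid": guid})
    return entries


def antivirus_overlap(entries):
    """Summarise registered antivirus products and whether more than one is installed."""
    av = [e for e in entries if e["kind"] == "AV"]
    third_party = [e["product"] for e in av if e["product"] not in BUILT_IN]
    return {
        "third_party": third_party,
        "enabled": [e["product"] for e in av if e["state"] == "Enabled"],
        "outdated": [e["product"] for e in av if e["definitions"] == "Outdated"],
        "overlap": len(third_party) > 1,
    }


def frst_review_candidates(lines):
    """Return (line, reasons) for entries carrying a missing-file or attention marker."""
    hits = []
    for line in lines:
        text = line.strip()
        reasons = []
        if text.endswith("[X]"):          # assumption: target file not found
            reasons.append("[X]")
        if "No File" in text:             # assumption: target file not found
            reasons.append("No File")
        if "<==== ATTENTION" in text:     # tool's own attention flag
            reasons.append("ATTENTION")
        if reasons:
            hits.append((text, reasons))
    return hits


if __name__ == "__main__":
    summary = antivirus_overlap(parse_security_center(DDS_HEADER))
    print("Third-party AV registered:", summary["third_party"])
    print("Enabled:", summary["enabled"], "| Outdated:", summary["outdated"])
    print("Overlap:", summary["overlap"])
    for text, reasons in frst_review_candidates(FRST_LINES):
        print(", ".join(reasons), "::", text)
```

The output is a review list, not a fixlist: the Spybot `SDWinLogon.dll [X]` line is flagged along with the Search Protect one, and a person still decides which entries are safe to remove.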

NOTE: It is good practice to copy and paste the instructions into notepad and save to desktop and/or print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}

FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}

SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}

 

You have multiple antivirus programs on the computer. This in the end can cause havoc and especially not allow us to work.

Please get this down to just 1, your choice.

 

~~~~~~~~~~

 

Please go to add/remove programs and remove/uninstall

Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION

 

~~~~~~~~~~

 

Running from C:\Users\Debbie\Downloads

 

It's best we move Farbar's to desktop.

 

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:

To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

 

 


start

CreateRestorePoint:

CloseProcesses:

HKLM\...\Run: [] => [X]

HKLM-x32\...\Run: [] => [X]

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File

SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={05342500-0513-41FE-9E12-4F582011E61B}&mid=185fe79a2ef447d2a1e4151d02d2001a-09da41995b325ff946ecd257837bca0234ee0cde&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 10:34:56&v=18.9.0.231&pid=safeguard&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={05342500-0513-41FE-9E12-4F582011E61B}&mid=185fe79a2ef447d2a1e4151d02d2001a-09da41995b325ff946ecd257837bca0234ee0cde&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 10:34:56&v=18.9.0.231&pid=safeguard&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> {e0d3e517-11f3-40ef-8ebe-e02f4f484f38} URL = hxxp://isearch.shopathome.com?user_id={8b3c63b6-e340-403d-ac9c-88baccec8e3c}&q={searchTerms}

S2 0136351448644757mcinstcleanup; C:\Users\Debbie\AppData\Local\Temp\013635~1.EXE [836168 2014-03-13] (McAfee, Inc.)

S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]

S2 mfevtp; "C:\windows\system32\mfevtps.exe" [X]

S0 cfwids; system32\drivers\cfwids.sys [X]

U3 McAPExe; no ImagePath

U3 McMPFSvc; no ImagePath

U3 McNaiAnn; no ImagePath

U3 mcpltsvc; no ImagePath

U3 McProxy; no ImagePath

S0 mfeapfk; system32\drivers\mfeapfk.sys [X]

R0 mfeavfk; system32\drivers\mfeavfk.sys [X]

U3 mfecore; no ImagePath

S0 mfeelamk; system32\drivers\mfeelamk.sys [X]

S0 mfefirek; system32\drivers\mfefirek.sys [X]

R3 mfehidk; system32\drivers\mfehidk.sys [X]

R3 mfewfpk; system32\drivers\mfewfpk.sys [X]

U3 MSK80Service; no ImagePath

C:\Users\Debbie\AppData\Local\Temp\0136351448644757mcinst.exe

C:\Users\Debbie\AppData\Local\Temp\avg-6fa78775-a9c5-455d-ad98-1704415e033f.exe

C:\Users\Debbie\AppData\Local\Temp\avguirn_081908276739.exe

Task: {289A41D9-94AE-47B5-BC27-C695083B08DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {2FEAC0F3-2B63-4ED0-937F-1EF0AC78871A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {39DA4AD4-9A6A-4116-A12C-24F662967C77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {94C6A408-F9EA-4273-A239-2F2E11AA05E8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {94E4A824-18EC-4965-8057-4568105D7F1B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {97D5C5DE-8D7D-4F77-B3F1-01688CA613D4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {A5196124-B6B9-4146-B6B2-36BCF2C671DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {AD0A37A7-8382-4B95-B5CB-E645428B4A2F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {B208BE2F-DBE3-4B0D-B03C-A1EC3CBA5905} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {E164A812-4D5B-4B22-B791-49180161F47C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {F04BED37-CFE3-4B48-99C0-3FE4E9FFBC7E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

EmptyTemp:

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

~~~~~~~~~~~~~~~

 

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[sX].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[sX].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~

please post

Fixlog.txt

AdwCleaner[CX].txt

JRT.txt


I had a problem with AdwCleaner. After I ran it, AVG deleted it. I had disabled AVG, but it just wouldn't turn off. I have removed it for the time being and will redownload an AV tool after we are done here. I was able to run AdwCleaner again, but it didn't show me the items to fix again the second time, so I'm not sure the log will reflect what was "fixed".

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-11-2015
Ran by Debbie (2015-11-27 13:30:28) Run:1
Running from C:\Users\Debbie\Desktop
Loaded Profiles: Debbie (Available Profiles: Debbie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={05342500-0513-41FE-9E12-4F582011E61B}&mid=185fe79a2ef447d2a1e4151d02d2001a-09da41995b325ff946ecd257837bca0234ee0cde&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 10:34:56&v=18.9.0.231&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={05342500-0513-41FE-9E12-4F582011E61B}&mid=185fe79a2ef447d2a1e4151d02d2001a-09da41995b325ff946ecd257837bca0234ee0cde&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-22 10:34:56&v=18.9.0.231&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3798676491-4103397498-3035539754-1001 -> {e0d3e517-11f3-40ef-8ebe-e02f4f484f38} URL = hxxp://isearch.shopathome.com?user_id={8b3c63b6-e340-403d-ac9c-88baccec8e3c}&q={searchTerms}
S2 0136351448644757mcinstcleanup; C:\Users\Debbie\AppData\Local\Temp\013635~1.EXE [836168 2014-03-13] (McAfee, Inc.)
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfevtp; "C:\windows\system32\mfevtps.exe" [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
U3 mfecore; no ImagePath
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R3 mfehidk; system32\drivers\mfehidk.sys [X]
R3 mfewfpk; system32\drivers\mfewfpk.sys [X]
U3 MSK80Service; no ImagePath
C:\Users\Debbie\AppData\Local\Temp\0136351448644757mcinst.exe
C:\Users\Debbie\AppData\Local\Temp\avg-6fa78775-a9c5-455d-ad98-1704415e033f.exe
C:\Users\Debbie\AppData\Local\Temp\avguirn_081908276739.exe
Task: {289A41D9-94AE-47B5-BC27-C695083B08DD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2FEAC0F3-2B63-4ED0-937F-1EF0AC78871A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {39DA4AD4-9A6A-4116-A12C-24F662967C77} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {94C6A408-F9EA-4273-A239-2F2E11AA05E8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {94E4A824-18EC-4965-8057-4568105D7F1B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {97D5C5DE-8D7D-4F77-B3F1-01688CA613D4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A5196124-B6B9-4146-B6B2-36BCF2C671DC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AD0A37A7-8382-4B95-B5CB-E645428B4A2F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B208BE2F-DBE3-4B0D-B03C-A1EC3CBA5905} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E164A812-4D5B-4B22-B791-49180161F47C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F04BED37-CFE3-4B48-99C0-3FE4E9FFBC7E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
EmptyTemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
"HKU\S-1-5-21-3798676491-4103397498-3035539754-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKU\S-1-5-21-3798676491-4103397498-3035539754-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3798676491-4103397498-3035539754-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{e0d3e517-11f3-40ef-8ebe-e02f4f484f38}" => key removed successfully
HKCR\CLSID\{e0d3e517-11f3-40ef-8ebe-e02f4f484f38} => key not found.
0136351448644757mcinstcleanup => service not found.
mfefire => service not found.
mfevtp => service not found.
cfwids => service not found.
McAPExe => service removed successfully
McMPFSvc => service removed successfully
McNaiAnn => service removed successfully
mcpltsvc => service removed successfully
McProxy => service removed successfully
mfeapfk => service not found.
mfeavfk => service not found.
mfecore => service removed successfully
mfeelamk => service not found.
mfefirek => service not found.
mfehidk => service not found.
mfewfpk => service not found.
MSK80Service => service removed successfully
C:\Users\Debbie\AppData\Local\Temp\0136351448644757mcinst.exe => moved successfully
C:\Users\Debbie\AppData\Local\Temp\avg-6fa78775-a9c5-455d-ad98-1704415e033f.exe => moved successfully
C:\Users\Debbie\AppData\Local\Temp\avguirn_081908276739.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{289A41D9-94AE-47B5-BC27-C695083B08DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{289A41D9-94AE-47B5-BC27-C695083B08DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FEAC0F3-2B63-4ED0-937F-1EF0AC78871A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FEAC0F3-2B63-4ED0-937F-1EF0AC78871A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39DA4AD4-9A6A-4116-A12C-24F662967C77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39DA4AD4-9A6A-4116-A12C-24F662967C77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94C6A408-F9EA-4273-A239-2F2E11AA05E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C6A408-F9EA-4273-A239-2F2E11AA05E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94E4A824-18EC-4965-8057-4568105D7F1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E4A824-18EC-4965-8057-4568105D7F1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97D5C5DE-8D7D-4F77-B3F1-01688CA613D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97D5C5DE-8D7D-4F77-B3F1-01688CA613D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5196124-B6B9-4146-B6B2-36BCF2C671DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5196124-B6B9-4146-B6B2-36BCF2C671DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD0A37A7-8382-4B95-B5CB-E645428B4A2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0A37A7-8382-4B95-B5CB-E645428B4A2F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B208BE2F-DBE3-4B0D-B03C-A1EC3CBA5905}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B208BE2F-DBE3-4B0D-B03C-A1EC3CBA5905}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E164A812-4D5B-4B22-B791-49180161F47C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E164A812-4D5B-4B22-B791-49180161F47C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F04BED37-CFE3-4B48-99C0-3FE4E9FFBC7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F04BED37-CFE3-4B48-99C0-3FE4E9FFBC7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
EmptyTemp: => 518.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:32:22 ====

 

 

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 13:43:24
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 10 Home (x64)
# Username : Debbie - OFFICE
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService
[-] Service Deleted : vToolbarUpdater18.9.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1015av
[-] Folder Deleted : C:\ProgramData\Avg_Update_1114tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1214tb
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Debbie\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Debbie\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\Debbie\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key Deleted : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9269 bytes] ##########

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 13:54:10
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 10 Home (x64)
# Username : Debbie - OFFICE
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10045 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Debbie (Administrator) on Fri 11/27/2015 at 14:02:43.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 3

Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\1015avUpdateInfo (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/27/2015 at 14:04:41.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I was able to find the first AdwCleaner log file:

 

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 13:38:59
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 10 Home (x64)
# Username : Debbie - OFFICE
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CouponPrinterService
Service Found : vToolbarUpdater18.9.0

***** [ Folders ] *****

Folder Found : C:\Program Files\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_0814tb
Folder Found : C:\ProgramData\Avg_Update_1015av
Folder Found : C:\ProgramData\Avg_Update_1114tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Debbie\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Debbie\AppData\Local\SearchProtect
Folder Found : C:\Users\Debbie\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Files ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
Key Found : HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
Key Found : HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
Key Found : HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
Key Found : HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
Key Found : HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
Key Found : HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
Key Found : HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
Key Found : HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
Key Found : HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
Key Found : HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
Key Found : HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
Key Found : HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
Key Found : HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [8541 bytes] ##########

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 13:51:58
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [server]
# Operating system : Windows 10 Home (x64)
# Username : Debbie - OFFICE
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [9225 bytes] ##########


Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan

    After the restart once you are back at your desktop, open MBAM once more.

    Click on the History tab > Application Logs.

    Double click on the scan log which shows the Date and time of the scan just performed.

    Click 'Copy to Clipboard'

    Paste the contents of the clipboard into your reply

  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
Tell me what the computer is doing now.

Computer is running much better now. Not seeing any hijacked links. Thank you for your help. Let me know if I need to do anything else.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/28/2015
Scan Time: 9:22 AM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.28.03
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Debbie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348698
Time Elapsed: 12 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Computer is running much better now. Not seeing any hijacked links.

Good deal.

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme.
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click [image: esetListThreats.png]. If no threats were found, skip the next two bullet points.
  • Click [image: esetExport.png] and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to [image] and click [image].
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

The scan finished with the settings as you described, with zero infected files. However, I didn't see a back button or any option to see any log file. There was a "finish" button and I clicked it and then it just showed me the option to buy the non-trial version of the tool.

Also, I can't see the images next to your "Place a checkmark next to...." bullet point. I don't see any place to put a checkmark anyway though. I wonder if the eset tool has had some recent changes.


The scan finished with the settings as you described, with zero infected files.

Music to my ears.

Also, I can't see the images next to your "Place a checkmark next to...." bullet point. I don't see any place to put a checkmark anyway though. I wonder if the eset tool has had some recent changes.

With my luck, probably.

Since nothing was found I'm not going to worry over this.

If all systems are still a GO

Let's remove tools and quarantine folders.

DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the program.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
  • Click the Run button.
  • This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

The following programmes come highly recommended in the security community.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Want to help others? Join the ClassRoom and learn how.
This topic is now closed to further replies.