Just123me

Every time AVG scans, it finds a Trojan horse and removes it. Is there a way to get rid of it permanently? Thanks. I already had one of my Excel files infected and can no longer use it. Thanks.

Interesting. I believe the virus comes and goes. It shows up a lot on either the AVG or Malwarebytes. I wonder why that is? Did anything we do get rid of it for good or were those just tests to see if anything on my computer? Thanks.

Please find the text file atta Malwarebytes lates text log.txt

Please find the text file attached.

Yes, as always.

I have attached the results and also 2 threats that appeared on my computer this morning....stopped by AVG and Malwarebytes. zoek-results.txt

Hi TwinHeadedEagle. Please find attached the requested info needed. Thanks for you help. Addition 1-28-16.txt FRST 1-28-16.txt

I have a virus that I can't seem to get rid of. Every time my Malwarebytes runs, it finds the virus and I remove it but it comes back. I decided it's time to ask for help. I loaded Farbar and below is my FRST results. I found no other Addition.txt file. Thanks in advance. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016 Ran by Suzy (administrator) on SUZY-PC (28-01-2016 16:04:53) Running from C:\Users\Suzy\Downloads Loaded Profiles: Suzy (Available Profiles: Suzy & Guest) Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Windows\SysWOW64\PSIService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe () C:\Users\Suzy\AppData\Local\Amazon Music\Amazon Music Helper.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Amazon.com Inc.) C:\Users\Suzy\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe (Spotify Ltd) C:\Users\Suzy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-02-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company) HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd) HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] () HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [Amazon Music] => C:\Users\Suzy\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] () HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.) HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [Amazon Cloud Drive] => C:\Users\Suzy\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [1939264 2015-12-10] (Amazon.com Inc.) HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [spotify Web Helper] => C:\Users\Suzy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-09-29] (Spotify Ltd) HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2006-11-02] (Microsoft Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedupIcon] -> {9DB6687B-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] () ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedUpModifiedIcon] -> {9DB6687D-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] () ShellIconOverlayIdentifiers: [0Genie9 Zoolz-ColdStorageIcon] -> {9DB6687F-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] () ShellIconOverlayIdentifiers: [0Genie9 Zoolz-FolderInCloudIcon] -> {9DB6687E-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] () ShellIconOverlayIdentifiers: [0Genie9 Zoolz-NotBackedUpIcon] -> {9DB6687C-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] () ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG) ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {CA1303FE-518E-4DA5-9187-CF4C8C6DEE2E} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {CA1303FE-518E-4DA5-9187-CF4C8C6DEE2E} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-16] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-16] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2015-06-16] ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) Startup: C:\Users\Suzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-01-25] ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{E269F452-C854-4599-96FE-3E5F99CA0066}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {449EC6AD-BF3D-4033-B438-E947951D0D30} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = SearchScopes: HKLM-x32 -> {52D0A20C-2EE8-4D4E-ADF0-BA871B5E4AA9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF SearchScopes: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> {52D0A20C-2EE8-4D4E-ADF0-BA871B5E4AA9} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14] (TechSmith Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-04] (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-04] (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14] (TechSmith Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-12-15] (Microsoft Corporation) DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/stg_drm.ocx DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/armhelper.ocx DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\pngrf6xu.default-1447308220568 FF DefaultSearchEngine.US: Google FF Homepage: hxxp://www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.6\\npsitesafety.dll [No File] FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @emusic.com/dlm-plugin -> C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll [2009-09-18] (eMusic.com) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-04] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: @emusic.com/dlm-plugin -> C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll [2009-09-18] (eMusic.com) FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Suzy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation) FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Suzy\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster) FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Suzy\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2010-12-01] (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll [2010-12-01] (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-09-06] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.) FF Extension: Adblock Plus Pop-up Addon - C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\pngrf6xu.default-1447308220568\extensions\adblockpopups@jessehakanen.net.xpi [2015-11-12] FF Extension: Adblock Plus - C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\pngrf6xu.default-1447308220568\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-06] [not signed] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-06] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-26] [not signed] Chrome: ======= CHR HomePage: Default -> hxxps://search.yahoo.com/?type=242154&fr=yo-yhp-ch CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=242154&fr=yo-yhp-ch" CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=242154&p={searchTerms} CHR DefaultSearchKeyword: Default -> yahoo.com search CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation) CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll => No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File CHR Plugin: (Stamps.com Web Client NPAPI Plug-in) - C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll => No File CHR Plugin: (eMusic Remote Plugin) - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll => No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Profile: C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02] CHR Extension: (YouTube) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30] CHR Extension: (Google Search) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02] CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-01-24] CHR Extension: (Google Docs Offline) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21] CHR Extension: (Ad=Block=Pro) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfagolldnjdjpnodniadeoadhdpanee [2015-09-08] CHR Extension: (User Agent Switcher, URL sniffer) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfpjnehmoiabkefmnjegmpdddgcdnpo [2016-01-24] CHR Extension: (User-Agent Switcher) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2015-11-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Extension: (Gmail) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems) [File not signed] R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.) R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.) R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [311296 2007-05-22] (Creative Technology Ltd) [File not signed] R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-06-01] (Macrovision Europe Ltd.) [File not signed] R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed] R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation) S2 Zoolz 2 Service; C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [450576 2013-04-08] (Genie9) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.) S1 Beep; no ImagePath R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation) R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-06-05] (Lavasoft AB) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-28] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203320 2011-10-04] (DEVGURU Co., LTD.(www.devguru.co.kr)) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-10-21] (CyberLink Corp.) S3 cpuz132; \??\C:\Users\Suzy\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-28 16:04 - 2016-01-28 16:04 - 02370560 _____ (Farbar) C:\Users\Suzy\Downloads\FRST64.exe 2016-01-27 15:30 - 2016-01-27 15:30 - 00061863 _____ C:\Users\Suzy\Downloads\Rebate_Receipt.pdf 2016-01-14 03:35 - 2015-12-08 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-14 03:35 - 2015-12-08 11:39 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-14 03:33 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-14 03:33 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-14 03:33 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-14 03:33 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-14 03:33 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-14 03:33 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-14 03:33 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-14 03:33 - 2015-12-05 12:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-14 03:33 - 2015-12-05 12:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ADEC.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-14 03:33 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-14 03:33 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-14 03:33 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-14 03:33 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-14 03:33 - 2015-12-05 11:41 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 01539072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2016-01-14 03:33 - 2015-12-05 11:41 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 01127424 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 01090560 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-14 03:33 - 2015-12-05 11:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 00819200 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-14 03:33 - 2015-12-05 11:41 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-14 03:33 - 2015-12-05 11:40 - 01571328 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-14 03:33 - 2015-12-05 11:40 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-14 03:33 - 2015-12-05 11:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-14 03:33 - 2015-12-05 11:40 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-14 03:33 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-14 03:33 - 2015-12-05 11:40 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-14 03:33 - 2015-12-05 11:39 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-14 03:33 - 2015-12-05 11:39 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-14 03:33 - 2015-12-05 11:39 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-14 03:33 - 2015-12-05 11:39 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-14 03:33 - 2015-12-05 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-14 03:33 - 2015-12-05 11:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-14 03:33 - 2015-12-05 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-14 03:33 - 2015-12-05 11:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-14 03:33 - 2015-12-05 11:22 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-14 03:31 - 2015-12-05 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-14 03:31 - 2015-12-05 11:39 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-14 03:17 - 2015-12-05 10:34 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-14 03:13 - 2015-12-30 11:47 - 04694464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-14 03:10 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-14 03:10 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-14 03:10 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-14 03:10 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-14 03:10 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-13 06:58 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-01-13 06:58 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-01-13 06:58 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-13 06:58 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-13 06:58 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-01-13 06:58 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-01-13 06:58 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-01-13 06:58 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-13 06:58 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-01-13 06:58 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2016-01-13 06:58 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2016-01-13 06:58 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2016-01-13 06:58 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-13 06:58 - 2015-12-15 16:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-01-13 06:58 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-01-13 06:58 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-13 06:58 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-13 06:58 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-13 06:58 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-13 06:58 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-13 06:58 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-13 06:58 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-01-13 06:58 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2016-01-13 06:58 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 06:58 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-13 06:58 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2016-01-13 06:58 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2016-01-13 06:58 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2016-01-10 09:22 - 2016-01-10 09:27 - 00000000 ___HD C:\ProgramData\CanonIJMIG 2016-01-08 19:18 - 2016-01-08 19:18 - 02797980 _____ C:\Users\Suzy\Desktop\TWC BILL (2).pdf 2016-01-06 22:14 - 2016-01-10 08:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-02 07:25 - 2016-01-02 07:25 - 00277176 _____ C:\Windows\Minidump\Mini010216-01.dmp 2015-12-31 13:14 - 2015-12-31 13:14 - 04891891 ___RT C:\Users\Suzy\Desktop\20151128_073234.jpg 2015-12-31 07:45 - 2015-12-31 07:45 - 00067564 _____ C:\Users\Suzy\Desktop\AVG Performance1.JPG 2015-12-31 07:45 - 2015-12-31 07:45 - 00064204 _____ C:\Users\Suzy\Desktop\AVG Performance 2.JPG 2015-12-30 21:08 - 2015-12-30 21:08 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\Wondershare 2015-12-30 19:00 - 2015-12-30 19:00 - 00399180 _____ C:\Users\Suzy\Desktop\20151227_194335_003.jpg 2015-12-30 09:22 - 2015-12-30 09:22 - 00000000 ____D C:\Users\Suzy\AppData\Local\Amazon Cloud Drive 2015-12-30 09:21 - 2015-12-30 09:21 - 00867648 _____ (Amazon) C:\Users\Suzy\Downloads\AmazonCloudDriveSetup(2).exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-28 16:05 - 2011-08-15 19:59 - 00000000 ____D C:\Users\Suzy\Desktop\Suzy's Desktop 2016-01-28 16:04 - 2015-09-10 17:42 - 00036747 _____ C:\Users\Suzy\Downloads\FRST.txt 2016-01-28 16:04 - 2015-09-10 17:41 - 00000000 ____D C:\FRST 2016-01-28 16:02 - 2012-04-03 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-28 15:31 - 2010-10-20 07:52 - 00000000 ____D C:\ProgramData\MFAData 2016-01-28 15:28 - 2014-05-19 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-28 15:23 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-28 15:23 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-28 15:14 - 2009-12-20 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-28 15:14 - 2009-12-20 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-28 13:11 - 2015-03-10 14:06 - 00000000 ___RD C:\Users\Suzy\Desktop\REBATES 2016-01-28 09:41 - 2011-10-04 23:22 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4265AA72-4838-4845-999B-40485AFFD824} 2016-01-28 09:23 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-28 09:22 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\ShellNew 2016-01-28 09:21 - 2006-11-02 10:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-27 14:00 - 2014-07-29 20:42 - 00247396 _____ C:\Users\Suzy\Desktop\SuzyQ's workout log(1).xlsx 2016-01-27 11:36 - 2015-07-30 14:42 - 00000000 ____D C:\Users\Suzy\Desktop\Pics for Ebay 2016-01-27 11:10 - 2015-10-14 16:46 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-01-22 20:44 - 2014-03-31 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-01-22 13:26 - 2015-11-28 11:20 - 00000000 ____D C:\Users\Guest\.oracle_jre_usage 2016-01-22 13:23 - 2015-11-28 11:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Canon 2016-01-22 12:43 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf 2016-01-22 12:43 - 2006-11-02 07:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-20 01:02 - 2012-04-03 13:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-20 01:02 - 2012-04-03 13:28 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-20 01:02 - 2011-08-13 09:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-17 12:46 - 2014-09-29 10:23 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\Spotify 2016-01-17 12:36 - 2014-09-29 10:23 - 00000000 ____D C:\Users\Suzy\AppData\Local\Spotify 2016-01-14 19:41 - 2009-02-21 22:22 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job 2016-01-14 18:23 - 2014-01-30 17:26 - 00001987 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-01-14 04:29 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache 2016-01-14 03:59 - 2006-11-02 10:21 - 05040576 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-14 03:58 - 2010-09-19 09:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-14 03:54 - 2009-02-18 02:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2016-01-14 03:37 - 2010-09-19 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-01-14 03:31 - 2013-07-17 02:01 - 00000000 ____D C:\Windows\system32\MRT 2016-01-14 03:18 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2016-01-14 03:10 - 2006-11-02 07:34 - 00000240 _____ C:\Windows\win.ini 2016-01-10 09:22 - 2009-03-02 19:27 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\Canon 2016-01-10 08:43 - 2012-05-07 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-08 12:02 - 2010-04-28 15:33 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\TeamViewer 2016-01-04 22:34 - 2015-02-22 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-01-04 22:34 - 2009-02-18 02:51 - 00000000 ____D C:\Program Files (x86)\Java 2016-01-04 22:33 - 2015-10-12 15:22 - 00000000 ____D C:\Users\Suzy\.oracle_jre_usage 2016-01-04 22:32 - 2015-02-22 20:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-01-02 07:25 - 2012-02-14 12:51 - 505521110 _____ C:\Windows\MEMORY.DMP 2016-01-02 07:25 - 2009-11-09 12:31 - 00000000 ____D C:\Windows\Minidump 2015-12-31 06:16 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\DigitalLocker 2015-12-30 21:08 - 2009-02-21 18:52 - 00000000 ____D C:\Users\Suzy\AppData\Roaming 2015-12-30 09:22 - 2015-12-13 21:39 - 00001014 _____ C:\Users\Suzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive.lnk 2015-12-30 09:22 - 2015-12-13 21:39 - 00001002 _____ C:\Users\Suzy\Desktop\Amazon Cloud Drive.lnk 2015-12-30 09:22 - 2009-02-21 18:52 - 00000000 ___RD C:\Users\Suzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs ==================== Files in the root of some directories ======= 2009-11-03 09:46 - 2014-10-14 16:30 - 0000061 _____ () C:\Users\Suzy\AppData\Roaming\AVSMediaPlayer.m3u 2013-06-28 10:03 - 2013-06-28 10:04 - 0893239 _____ () C:\Users\Suzy\AppData\Local\a.zip 2010-05-31 11:06 - 2013-01-28 13:24 - 0007592 _____ () C:\Users\Suzy\AppData\Local\d3d9caps.dat 2015-03-30 12:15 - 2015-03-30 12:15 - 0000732 _____ () C:\Users\Suzy\AppData\Local\d3d9caps64.dat 2009-02-22 19:18 - 2015-11-02 19:26 - 0037376 _____ () C:\Users\Suzy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-17 13:00 - 2015-06-17 13:00 - 0367406 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI14C3.txt 2012-03-22 12:42 - 2012-03-22 12:42 - 0362398 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI45C8.txt 2012-03-22 12:42 - 2012-03-22 12:42 - 0373756 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI45E2.txt 2012-02-22 15:26 - 2012-02-22 15:26 - 0367546 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI69DA.txt 2015-06-17 13:00 - 2015-06-17 13:00 - 0012022 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI14C3.txt 2012-03-22 12:42 - 2012-03-22 12:42 - 0011354 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI45C8.txt 2012-03-22 12:42 - 2012-03-22 12:42 - 0011690 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI45E2.txt 2012-02-22 15:26 - 2012-02-22 15:26 - 0011458 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI69DA.txt 2013-04-04 17:40 - 2013-04-04 17:40 - 0004096 ____H () C:\Users\Suzy\AppData\Local\keyfile3.drm 2012-05-26 13:34 - 2012-05-26 13:34 - 0000022 _____ () C:\Users\Suzy\AppData\Local\kodakpcd.ini 2015-07-10 19:17 - 2015-07-10 19:18 - 2630364 _____ () C:\Users\Suzy\AppData\Local\tmpTOTAL KASPERSKY.JPG 2015-10-14 17:50 - 2015-05-08 15:41 - 0010240 _____ () C:\Users\Suzy\AppData\Local\Z@!-3f8001e5-b140-4891-a0f5-da14ee4a679a.tmp 2015-10-14 17:50 - 2015-05-08 15:41 - 0010240 _____ () C:\Users\Suzy\AppData\Local\Z@!-988c66b9-ca06-4c6f-b1ad-14fefd04899e.tmp 2015-10-14 17:50 - 2015-05-08 15:41 - 0009216 _____ () C:\Users\Suzy\AppData\Local\Z@S!-113b6a61-c3c5-472e-9425-ac81ca3837e2.tmp Some files in TEMP: ==================== C:\Users\Suzy\AppData\Local\Temp\CloudDriveInstaller.exe C:\Users\Suzy\AppData\Local\Temp\jre-8u66-windows-au.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-28 09:34 ==================== End of FRST.txt ============================

Yes, I did. So I should be good to go? I'll give it a few days and report back. Thanks for your help.

This morning, this popped up on Malwarebytes when I got on the computer. See attached. I haven't really been on the computer much since I ran Zoek. Give me a day or two and I'll report back. Thanks. I know in the past my computer would freeze up and I'd get a pop up asking if I wanted to continue the script or stop script. I'll report back in a few day.

Ok, my bad. Sorry about that. Got it now. Attached. zoek-results.log

I'm not sure my Zoek is running even though it says it is since I got this pop-up. It's been about an hour and program says it's running but I'm kind of doubting it because of pop-up and the fact that you said it should only take a few minutes. Please find attached the pop-up that appeared when running Zoek. Thanks.

Ok, i had FRST on my computer so didn't need the clickable link. The first time I ran the program Malwarebytes popped up saying it was a malicious site. I ran it anyhow. Here are my 2 logs attatched. aAddition.txt aFRST.txt

Hi Twin Headed Eagle. Can you give me a clickable link to download the Farbar Recovery Scan Tool? I tried to click on the blue underlined text in FireFox and Chrome but nothing happens. Thanks.

I posted in another forum that I was unable to get on the website ebates.com. Malwarebytes was blocking me in Firefox. Everyone else was able to get in. It was recommended that I post 4 logs, which I did but during the time I was creating the logs for some reason I was then able to get on that website. It was then recommended that I come here for help with Malware Removal since my logs looked pretty bad and needed cleaning up. Quite a few times while surfing I get a pop-up asking me if I want to 'stop script'. My computer will hang up and that pops up. Plus computer is running slowly. Thanks in advance for any help and suggestions. You will find attached my logs. FRST.txt Log 1.txt Log 2.txt Protection Log 3.txt