Malware Removal help and general clean-up


I have a virus that I can't seem to get rid of. Every time my Malwarebytes runs, it finds the virus and I remove it, but it comes back.

 

I decided it's time to ask for help.

 

I loaded Farbar and below are my FRST results. I found no other Addition.txt file.

 

Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Suzy (administrator) on SUZY-PC (28-01-2016 16:04:53)

Running from C:\Users\Suzy\Downloads

Loaded Profiles: Suzy (Available Profiles: Suzy & Guest)

Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PSIService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

() C:\Users\Suzy\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Amazon.com Inc.) C:\Users\Suzy\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe

(Spotify Ltd) C:\Users\Suzy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe

(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-02-01] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)

HKLM-x32\...\Run: [updateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298504 2014-11-08] (CANON INC.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [Amazon Music] => C:\Users\Suzy\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-05] ()

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [Amazon Cloud Drive] => C:\Users\Suzy\AppData\Local\Amazon Cloud Drive\AmazonCloudDrive.exe [1939264 2015-12-10] (Amazon.com Inc.)

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\...\Run: [spotify Web Helper] => C:\Users\Suzy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-09-29] (Spotify Ltd)

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2006-11-02] (Microsoft Corporation)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedupIcon] -> {9DB6687B-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] ()

ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedUpModifiedIcon] -> {9DB6687D-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] ()

ShellIconOverlayIdentifiers: [0Genie9 Zoolz-ColdStorageIcon] -> {9DB6687F-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] ()

ShellIconOverlayIdentifiers: [0Genie9 Zoolz-FolderInCloudIcon] -> {9DB6687E-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] ()

ShellIconOverlayIdentifiers: [0Genie9 Zoolz-NotBackedUpIcon] -> {9DB6687C-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\ZoolzOverlay.dll [2012-12-31] ()

ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {CA1303FE-518E-4DA5-9187-CF4C8C6DEE2E} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {CA1303FE-518E-4DA5-9187-CF4C8C6DEE2E} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-04-04] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-16]

ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-16]

ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2015-06-16]

ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)

Startup: C:\Users\Suzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-01-25]

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{E269F452-C854-4599-96FE-3E5F99CA0066}: [DhcpNameServer] 192.168.1.254

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3411889455-3121361928-2542730128-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope value is missing

SearchScopes: HKLM -> {449EC6AD-BF3D-4033-B438-E947951D0D30} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF

SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =

SearchScopes: HKLM-x32 -> {52D0A20C-2EE8-4D4E-ADF0-BA871B5E4AA9} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF

SearchScopes: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> {52D0A20C-2EE8-4D4E-ADF0-BA871B5E4AA9} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)

BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: HelperObject Class -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll [2005-10-14] (TechSmith Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)

BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)

BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-04] (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-04] (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll [2005-10-14] (TechSmith Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

Toolbar: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Toolbar: HKU\S-1-5-21-3411889455-3121361928-2542730128-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-12-15] (Microsoft Corporation)

DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/stg_drm.ocx

DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/armhelper.ocx

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

 

FireFox:

========

FF ProfilePath: C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\pngrf6xu.default-1447308220568

FF DefaultSearchEngine.US: Google

FF Homepage: hxxp://www.google.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.6\\npsitesafety.dll [No File]

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)

FF Plugin-x32: @emusic.com/dlm-plugin -> C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll [2009-09-18] (eMusic.com)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-04] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-04] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: @emusic.com/dlm-plugin -> C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll [2009-09-18] (eMusic.com)

FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Suzy\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)

FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Suzy\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)

FF Plugin HKU\S-1-5-21-3411889455-3121361928-2542730128-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Suzy\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2010-12-01] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll [2010-12-01] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-09-06] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\pngrf6xu.default-1447308220568\extensions\adblockpopups@jessehakanen.net.xpi [2015-11-12]

FF Extension: Adblock Plus - C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\pngrf6xu.default-1447308220568\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-06] [not signed]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-06] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-26] [not signed]

 

Chrome:

=======

CHR HomePage: Default -> hxxps://search.yahoo.com/?type=242154&fr=yo-yhp-ch

CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=242154&fr=yo-yhp-ch"

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=242154&p={searchTerms}

CHR DefaultSearchKeyword: Default -> yahoo.com search

CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)

CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)

CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File

CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll => No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File

CHR Plugin: (Stamps.com Web Client NPAPI Plug-in) - C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll => No File

CHR Plugin: (eMusic Remote Plugin) - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File

CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll => No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Profile: C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]

CHR Extension: (Google Drive) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]

CHR Extension: (YouTube) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]

CHR Extension: (Google Search) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]

CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-01-24]

CHR Extension: (Google Docs Offline) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]

CHR Extension: (Ad=Block=Pro) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfagolldnjdjpnodniadeoadhdpanee [2015-09-08]

CHR Extension: (User Agent Switcher, URL sniffer) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfpjnehmoiabkefmnjegmpdddgcdnpo [2016-01-24]

CHR Extension: (User-Agent Switcher) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf [2015-11-06]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

CHR Extension: (Gmail) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems) [File not signed]

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [311296 2007-05-22] (Creative Technology Ltd) [File not signed]

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-06-01] (Macrovision Europe Ltd.) [File not signed]

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]

R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()

R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]

R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

S2 Zoolz 2 Service; C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [450576 2013-04-08] (Genie9)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)

S1 Beep; no ImagePath

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation)

R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-06-05] (Lavasoft AB)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-28] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203320 2011-10-04] (DEVGURU Co., LTD.(www.devguru.co.kr))

R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-10-21] (CyberLink Corp.)

S3 cpuz132; \??\C:\Users\Suzy\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 16:04 - 2016-01-28 16:04 - 02370560 _____ (Farbar) C:\Users\Suzy\Downloads\FRST64.exe

2016-01-27 15:30 - 2016-01-27 15:30 - 00061863 _____ C:\Users\Suzy\Downloads\Rebate_Receipt.pdf

2016-01-14 03:35 - 2015-12-08 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-01-14 03:35 - 2015-12-08 11:39 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-01-14 03:33 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2016-01-14 03:33 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2016-01-14 03:33 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll

2016-01-14 03:33 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2016-01-14 03:33 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2016-01-14 03:33 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL

2016-01-14 03:33 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll

2016-01-14 03:33 - 2015-12-05 12:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2016-01-14 03:33 - 2015-12-05 12:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ADEC.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2016-01-14 03:33 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax

2016-01-14 03:33 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL

2016-01-14 03:33 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2016-01-14 03:33 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll

2016-01-14 03:33 - 2015-12-05 11:41 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 01539072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll

2016-01-14 03:33 - 2015-12-05 11:41 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 01127424 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 01090560 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2016-01-14 03:33 - 2015-12-05 11:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 00819200 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL

2016-01-14 03:33 - 2015-12-05 11:41 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2016-01-14 03:33 - 2015-12-05 11:40 - 01571328 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2016-01-14 03:33 - 2015-12-05 11:40 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2016-01-14 03:33 - 2015-12-05 11:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2016-01-14 03:33 - 2015-12-05 11:40 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll

2016-01-14 03:33 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL

2016-01-14 03:33 - 2015-12-05 11:40 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2016-01-14 03:33 - 2015-12-05 11:39 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll

2016-01-14 03:33 - 2015-12-05 11:39 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2016-01-14 03:33 - 2015-12-05 11:39 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2016-01-14 03:33 - 2015-12-05 11:39 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2016-01-14 03:33 - 2015-12-05 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2016-01-14 03:33 - 2015-12-05 11:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2016-01-14 03:33 - 2015-12-05 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2016-01-14 03:33 - 2015-12-05 11:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2016-01-14 03:33 - 2015-12-05 11:22 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2016-01-14 03:31 - 2015-12-05 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-01-14 03:31 - 2015-12-05 11:39 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-01-14 03:17 - 2015-12-05 10:34 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-01-14 03:13 - 2015-12-30 11:47 - 04694464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-01-14 03:10 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll

2016-01-14 03:10 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll

2016-01-14 03:10 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll

2016-01-14 03:10 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll

2016-01-14 03:10 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe

2016-01-13 06:58 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-01-13 06:58 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-01-13 06:58 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-01-13 06:58 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-01-13 06:58 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-01-13 06:58 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-01-13 06:58 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-01-13 06:58 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-01-13 06:58 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-01-13 06:58 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2016-01-13 06:58 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2016-01-13 06:58 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2016-01-13 06:58 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-01-13 06:58 - 2015-12-15 16:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-01-13 06:58 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2016-01-13 06:58 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-01-13 06:58 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-01-13 06:58 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-01-13 06:58 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-01-13 06:58 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2016-01-13 06:58 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-01-13 06:58 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-01-13 06:58 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2016-01-13 06:58 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2016-01-13 06:58 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2016-01-13 06:58 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2016-01-13 06:58 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2016-01-13 06:58 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2016-01-10 09:22 - 2016-01-10 09:27 - 00000000 ___HD C:\ProgramData\CanonIJMIG

2016-01-08 19:18 - 2016-01-08 19:18 - 02797980 _____ C:\Users\Suzy\Desktop\TWC BILL (2).pdf

2016-01-06 22:14 - 2016-01-10 08:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-01-02 07:25 - 2016-01-02 07:25 - 00277176 _____ C:\Windows\Minidump\Mini010216-01.dmp

2015-12-31 13:14 - 2015-12-31 13:14 - 04891891 ___RT C:\Users\Suzy\Desktop\20151128_073234.jpg

2015-12-31 07:45 - 2015-12-31 07:45 - 00067564 _____ C:\Users\Suzy\Desktop\AVG Performance1.JPG

2015-12-31 07:45 - 2015-12-31 07:45 - 00064204 _____ C:\Users\Suzy\Desktop\AVG Performance 2.JPG

2015-12-30 21:08 - 2015-12-30 21:08 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\Wondershare

2015-12-30 19:00 - 2015-12-30 19:00 - 00399180 _____ C:\Users\Suzy\Desktop\20151227_194335_003.jpg

2015-12-30 09:22 - 2015-12-30 09:22 - 00000000 ____D C:\Users\Suzy\AppData\Local\Amazon Cloud Drive

2015-12-30 09:21 - 2015-12-30 09:21 - 00867648 _____ (Amazon) C:\Users\Suzy\Downloads\AmazonCloudDriveSetup(2).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 16:05 - 2011-08-15 19:59 - 00000000 ____D C:\Users\Suzy\Desktop\Suzy's Desktop

2016-01-28 16:04 - 2015-09-10 17:42 - 00036747 _____ C:\Users\Suzy\Downloads\FRST.txt

2016-01-28 16:04 - 2015-09-10 17:41 - 00000000 ____D C:\FRST

2016-01-28 16:02 - 2012-04-03 13:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-28 15:31 - 2010-10-20 07:52 - 00000000 ____D C:\ProgramData\MFAData

2016-01-28 15:28 - 2014-05-19 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-28 15:23 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-28 15:23 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2016-01-28 15:14 - 2009-12-20 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-28 15:14 - 2009-12-20 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-28 13:11 - 2015-03-10 14:06 - 00000000 ___RD C:\Users\Suzy\Desktop\REBATES

2016-01-28 09:41 - 2011-10-04 23:22 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4265AA72-4838-4845-999B-40485AFFD824}

2016-01-28 09:23 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-28 09:22 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\ShellNew

2016-01-28 09:21 - 2006-11-02 10:42 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-01-27 14:00 - 2014-07-29 20:42 - 00247396 _____ C:\Users\Suzy\Desktop\SuzyQ's workout log(1).xlsx

2016-01-27 11:36 - 2015-07-30 14:42 - 00000000 ____D C:\Users\Suzy\Desktop\Pics for Ebay

2016-01-27 11:10 - 2015-10-14 16:46 - 00000000 ____D C:\ProgramData\CanonIJPLM

2016-01-22 20:44 - 2014-03-31 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2016-01-22 13:26 - 2015-11-28 11:20 - 00000000 ____D C:\Users\Guest\.oracle_jre_usage

2016-01-22 13:23 - 2015-11-28 11:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Canon

2016-01-22 12:43 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf

2016-01-22 12:43 - 2006-11-02 07:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-20 01:02 - 2012-04-03 13:28 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-20 01:02 - 2012-04-03 13:28 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-20 01:02 - 2011-08-13 09:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-01-17 12:46 - 2014-09-29 10:23 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\Spotify

2016-01-17 12:36 - 2014-09-29 10:23 - 00000000 ____D C:\Users\Suzy\AppData\Local\Spotify

2016-01-14 19:41 - 2009-02-21 22:22 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job

2016-01-14 18:23 - 2014-01-30 17:26 - 00001987 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-01-14 04:29 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache

2016-01-14 03:59 - 2006-11-02 10:21 - 05040576 _____ C:\Windows\system32\FNTCACHE.DAT

2016-01-14 03:58 - 2010-09-19 09:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-01-14 03:54 - 2009-02-18 02:19 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2016-01-14 03:37 - 2010-09-19 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-01-14 03:31 - 2013-07-17 02:01 - 00000000 ____D C:\Windows\system32\MRT

2016-01-14 03:18 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2016-01-14 03:10 - 2006-11-02 07:34 - 00000240 _____ C:\Windows\win.ini

2016-01-10 09:22 - 2009-03-02 19:27 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\Canon

2016-01-10 08:43 - 2012-05-07 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-01-08 12:02 - 2010-04-28 15:33 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\TeamViewer

2016-01-04 22:34 - 2015-02-22 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-01-04 22:34 - 2009-02-18 02:51 - 00000000 ____D C:\Program Files (x86)\Java

2016-01-04 22:33 - 2015-10-12 15:22 - 00000000 ____D C:\Users\Suzy\.oracle_jre_usage

2016-01-04 22:32 - 2015-02-22 20:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2016-01-02 07:25 - 2012-02-14 12:51 - 505521110 _____ C:\Windows\MEMORY.DMP

2016-01-02 07:25 - 2009-11-09 12:31 - 00000000 ____D C:\Windows\Minidump

2015-12-31 06:16 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\DigitalLocker

2015-12-30 21:08 - 2009-02-21 18:52 - 00000000 ____D C:\Users\Suzy\AppData\Roaming

2015-12-30 09:22 - 2015-12-13 21:39 - 00001014 _____ C:\Users\Suzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive.lnk

2015-12-30 09:22 - 2015-12-13 21:39 - 00001002 _____ C:\Users\Suzy\Desktop\Amazon Cloud Drive.lnk

2015-12-30 09:22 - 2009-02-21 18:52 - 00000000 ___RD C:\Users\Suzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

==================== Files in the root of some directories =======

2009-11-03 09:46 - 2014-10-14 16:30 - 0000061 _____ () C:\Users\Suzy\AppData\Roaming\AVSMediaPlayer.m3u

2013-06-28 10:03 - 2013-06-28 10:04 - 0893239 _____ () C:\Users\Suzy\AppData\Local\a.zip

2010-05-31 11:06 - 2013-01-28 13:24 - 0007592 _____ () C:\Users\Suzy\AppData\Local\d3d9caps.dat

2015-03-30 12:15 - 2015-03-30 12:15 - 0000732 _____ () C:\Users\Suzy\AppData\Local\d3d9caps64.dat

2009-02-22 19:18 - 2015-11-02 19:26 - 0037376 _____ () C:\Users\Suzy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-06-17 13:00 - 2015-06-17 13:00 - 0367406 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI14C3.txt

2012-03-22 12:42 - 2012-03-22 12:42 - 0362398 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI45C8.txt

2012-03-22 12:42 - 2012-03-22 12:42 - 0373756 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI45E2.txt

2012-02-22 15:26 - 2012-02-22 15:26 - 0367546 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI69DA.txt

2015-06-17 13:00 - 2015-06-17 13:00 - 0012022 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI14C3.txt

2012-03-22 12:42 - 2012-03-22 12:42 - 0011354 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI45C8.txt

2012-03-22 12:42 - 2012-03-22 12:42 - 0011690 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI45E2.txt

2012-02-22 15:26 - 2012-02-22 15:26 - 0011458 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI69DA.txt

2013-04-04 17:40 - 2013-04-04 17:40 - 0004096 ____H () C:\Users\Suzy\AppData\Local\keyfile3.drm

2012-05-26 13:34 - 2012-05-26 13:34 - 0000022 _____ () C:\Users\Suzy\AppData\Local\kodakpcd.ini

2015-07-10 19:17 - 2015-07-10 19:18 - 2630364 _____ () C:\Users\Suzy\AppData\Local\tmpTOTAL KASPERSKY.JPG

2015-10-14 17:50 - 2015-05-08 15:41 - 0010240 _____ () C:\Users\Suzy\AppData\Local\Z@!-3f8001e5-b140-4891-a0f5-da14ee4a679a.tmp

2015-10-14 17:50 - 2015-05-08 15:41 - 0010240 _____ () C:\Users\Suzy\AppData\Local\Z@!-988c66b9-ca06-4c6f-b1ad-14fefd04899e.tmp

2015-10-14 17:50 - 2015-05-08 15:41 - 0009216 _____ () C:\Users\Suzy\AppData\Local\Z@S!-113b6a61-c3c5-472e-9425-ac81ca3837e2.tmp

Some files in TEMP:

====================

C:\Users\Suzy\AppData\Local\Temp\CloudDriveInstaller.exe

C:\Users\Suzy\AppData\Local\Temp\jre-8u66-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-28 09:34

==================== End of FRST.txt ============================
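A note on reading the Services and Drivers sections of the log above, with an added example that is not part of FRST, of this thread, or of Malwarebytes' tooling. FRST prints each entry as `state name; path [size date] (publisher)`, appending `[File not signed]` when the image carries no Authenticode signature, `[X]` when the referenced file is missing on disk, and `no ImagePath` when the registry entry has no image path at all. None of those is a malware verdict by itself: the log shows long-standing OEM and vendor software (HP, Creative, Fitbit, Protexis) running unsigned. What a helper actually does is collect those entries, plus anything whose image lives in a user-writable directory (the `cpuz132` driver under `AppData\Local\Temp`), and review that short list by hand. The Python script below performs that collection over lines copied verbatim from the log above; the list of user-writable directory prefixes is the example's own heuristic, not an FRST rule.

```python
"""Triage the Services/Drivers sections of an FRST log.

Added example for this thread; it is not part of FRST. It parses the
"R2 name; path [size date] (publisher) [File not signed]" line format and
flags the entries a helper reviews first: unsigned or publisher-less images,
missing files ([X]), empty ImagePath entries, and images under user-writable
directories.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "R2 avgwd; <rest>"  ->  state R2, name avgwd, rest = path + metadata
ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# "[335656 2015-10-30] (AVG Technologies CZ, s.r.o.)"
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^)]*)\)")
# Heuristic chosen for this example (assumption, not an FRST rule): directory
# fragments an unprivileged user can normally write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    state: str                      # FRST start-state prefix, e.g. R2 (running) or S3 (stopped)
    name: str
    path: Optional[str]
    publisher: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for headers and other non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(m["state"], m["name"].strip(), None, None)
    rest = m["rest"].strip()

    if rest == "no ImagePath":                      # registry entry with no image path
        entry.flags.append("no ImagePath")
        return entry

    if rest.endswith("[X]"):                        # FRST marks a missing file with [X]
        entry.path = rest[:-3].strip()
        entry.flags.append("file missing")
    else:
        meta = META_RE.search(rest)
        if meta is None:
            entry.path = rest
            entry.flags.append("unparsed metadata")
        else:
            entry.path = rest[:meta.start()].strip()
            entry.publisher = meta["publisher"].strip() or None
            if entry.publisher is None:             # "()" means no version-info company name
                entry.flags.append("no publisher")
            if "[File not signed]" in rest:          # no Authenticode signature
                entry.flags.append("unsigned")

    if entry.path and any(s in entry.path.lower() for s in USER_WRITABLE):
        entry.flags.append("user-writable path")
    return entry


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {service/driver name: flags} for every entry with at least one flag."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry.flags:
            findings[entry.name] = entry.flags
    return findings


# Sample lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () [File not signed]
S1 Beep; no ImagePath
S3 cpuz132; \??\C:\Users\Suzy\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:20s} {', '.join(flags)}")
```

Run it directly to print the flagged sample entries, or import `triage` and pass it the text of a full FRST.txt. The output is a review list, not a removal list: an unsigned image from a known vendor is routine on a machine this age, while a driver whose file is missing from a Temp directory is merely a dead entry until its origin is explained.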

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
Upload it in your next reply.

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
