Infected with Adware gen and asg, Windows 8.1 won't accept adwcleaner


6 replies to this topic

#1 coach maverick


Posted 23 January 2015 - 12:03 PM

I have a Dell XPS 12 64-bit with Windows 8.1, and it is infected with the adware in the title. The machine won't allow AdwCleaner to work ("this app doesn't work on this PC"), won't let me attach files to this post, and times out when trying to "post new topic."

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Steve (administrator) on ULTRASHARIK on 23-01-2015 11:15:04
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available profiles: Steve)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Compal Electronics, INC.) C:\Program Files\Dell\QuickSet\ResetTouch.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\AntaraSoftware.AlarmClockHD_3.2.0.9_neutral__7jhd16s0b93qm\AlarmClockHD.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MA3Firmware] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ResetTouch] => c:\Program Files\Dell\QuickSet\ResetTouch.exe [2345808 2013-03-04] (Compal Electronics, INC.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5777224 2013-09-02] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ospd_us_633] => [X]
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [773256 2015-01-13] (Webroot)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-19] (AVAST Software)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Run: [Spotify Web Helper] => C:\Users\Steve\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-14] (Google Inc.)
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1367360 2014-12-16] (Lavasoft)
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameHugArcadeApp.lnk
ShortcutTarget: GameHugArcadeApp.lnk -> C:\Users\Steve\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeApp.exe (No File)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150119&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {EF01FCAA-A4C6-4248-8FDA-8EC9386C4C97} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Winsock: Catalog9-x64 18 C:\Windows\system32\LavasoftTcpService64.dll [358736] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 10.128.128.128
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1376318163-454353977-2922242483-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1376318163-454353977-2922242483-1001: @talk.google.com/O1DPlugin -> C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1376318163-454353977-2922242483-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1376318163-454353977-2922242483-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-19]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-08]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-08]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-08]
CHR Extension: (AdBlock Plus Super) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmkeoghoohamnhkeopgjkiamcmknajm [2015-01-16]
CHR Extension: (Google Cast) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-19]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-17]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-08]
CHR Extension: (AdBlock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-16]
CHR Extension: (Avast Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-19]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-22]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-01-13]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08]
CHR Extension: (Webroot Password Manager) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-01-13]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-08]
CHR Extension: (HD-Quality-3.1V12.01) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbffhpdalaceholagpcomhnigjjdfdb [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-19]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.2.42.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-01-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-19] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-11] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [1351512 2014-12-16] (Lavasoft Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2014-12-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [773256 2015-01-13] (Webroot)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-19] ()
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-10-09] (BitDefender LLC)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [83960 2013-08-08] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [129528 2013-08-08] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115144 2013-09-06] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-11] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2013-08-27] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-19] (Avast Software)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [29952 2013-09-12] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2015-01-13] (Webroot)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 11:15 - 2015-01-23 11:15 - 00037826 _____ () C:\Users\Steve\Downloads\FRST.txt
2015-01-23 11:14 - 2015-01-23 11:15 - 00000000 ____D () C:\FRST
2015-01-23 11:13 - 2015-01-23 11:13 - 02126848 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2015-01-22 14:47 - 2015-01-22 15:53 - 02159012 _____ () C:\Users\Steve\Downloads\adwcleaner_4.108.exe
2015-01-22 14:45 - 2015-01-22 14:45 - 02177992 _____ () C:\Users\Steve\Downloads\AdwCleaner.exe
2015-01-22 14:39 - 2015-01-22 14:39 - 00000197 _____ () C:\Windows\system32\2015-01-22-19-39-13.075-AvastVBoxSVC.exe-5196.log
2015-01-22 14:25 - 2015-01-22 14:25 - 00000197 _____ () C:\Windows\system32\2015-01-22-19-25-35.096-AvastVBoxSVC.exe-4472.log
2015-01-22 13:23 - 2015-01-22 13:23 - 00000197 _____ () C:\Windows\system32\2015-01-22-18-23-22.098-AvastVBoxSVC.exe-8312.log
2015-01-20 16:48 - 2015-01-20 16:48 - 00000197 _____ () C:\Windows\system32\2015-01-20-21-48-15.065-AvastVBoxSVC.exe-7016.log
2015-01-19 22:44 - 2015-01-19 22:45 - 00000197 _____ () C:\Windows\system32\2015-01-20-03-44-02.076-AvastVBoxSVC.exe-4576.log
2015-01-19 22:17 - 2015-01-19 22:17 - 00000197 _____ () C:\Windows\system32\2015-01-20-03-17-33.066-AvastVBoxSVC.exe-4532.log
2015-01-19 20:40 - 2015-01-19 20:49 - 104189308 _____ () C:\Users\Steve\Downloads\Alpha - Cardio [320x240]-SD.mp4
2015-01-19 20:24 - 2015-01-19 20:24 - 00000197 _____ () C:\Windows\system32\2015-01-20-01-24-17.056-AvastVBoxSVC.exe-4164.log
2015-01-19 13:46 - 2015-01-19 13:48 - 138682152 _____ () C:\Users\Steve\Documents\PowerDVD_14.0.4412.58_LG_DVD141212-01.tmp
2015-01-19 13:45 - 2015-01-19 13:45 - 00000701 _____ () C:\Users\Steve\Desktop\CyberLink_PowerDVD_Downloader.lnk
2015-01-19 13:39 - 2015-01-19 13:39 - 00000197 _____ () C:\Windows\system32\2015-01-19-18-39-16.069-AvastVBoxSVC.exe-292.log
2015-01-19 13:39 - 2015-01-19 13:39 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\Users\Steve\AppData\Local\Power2Go
2015-01-19 13:34 - 2015-01-19 13:34 - 00001403 _____ () C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2015-01-19 13:34 - 2015-01-19 13:34 - 00000000 ____D () C:\ProgramData\install_clap
2015-01-19 13:33 - 2015-01-20 17:42 - 00000344 _____ () C:\Windows\lgfwup.ini
2015-01-19 13:33 - 2015-01-20 17:42 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2015-01-19 13:33 - 2015-01-19 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
2015-01-19 13:33 - 2012-07-11 13:18 - 00023664 _____ (BitLeader) C:\Windows\SysWOW64\lgfwunis.exe
2015-01-19 13:33 - 2001-08-29 21:00 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.tlb
2015-01-19 13:33 - 1998-07-22 00:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb6stkit.dll
2015-01-19 13:33 - 1998-07-22 00:00 - 00102160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6KO.DLL
2015-01-19 13:33 - 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2015-01-19 13:31 - 2015-01-19 13:31 - 00003148 _____ () C:\Windows\System32\Tasks\MirageAgent
2015-01-19 13:28 - 2015-01-19 13:28 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\CyberLink
2015-01-19 13:25 - 2015-01-19 13:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-01-19 13:24 - 2015-01-19 13:34 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-01-19 13:24 - 2015-01-19 13:25 - 00000000 ____D () C:\ProgramData\CLSK
2015-01-19 13:23 - 2015-01-19 13:48 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-19 13:23 - 2015-01-19 13:34 - 00000000 ____D () C:\ProgramData\Temp
2015-01-19 01:14 - 2015-01-19 01:14 - 00000247 _____ () C:\Windows\system32\2015-01-19-06-14-38.024-aswFe.exe-1448.log
2015-01-19 01:10 - 2015-01-19 01:14 - 00000247 _____ () C:\Windows\system32\2015-01-19-06-10-42.061-aswFe.exe-1344.log
2015-01-19 01:10 - 2015-01-19 01:10 - 00000197 _____ () C:\Windows\system32\2015-01-19-06-10-40.098-AvastVBoxSVC.exe-5892.log
2015-01-19 01:07 - 2015-01-19 01:07 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-19 01:07 - 2015-01-19 01:07 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-19 00:48 - 2015-01-19 00:48 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1376318163-454353977-2922242483-1001
2015-01-19 00:11 - 2015-01-19 00:11 - 00001987 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-19 00:11 - 2015-01-19 00:11 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\AVAST Software
2015-01-19 00:11 - 2015-01-19 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-19 00:10 - 2015-01-19 00:11 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 00:10 - 2015-01-19 00:11 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-19 00:10 - 2015-01-19 00:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 00:10 - 2015-01-19 00:10 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-19 00:10 - 2015-01-19 00:10 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-19 00:10 - 2015-01-19 00:10 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-19 00:10 - 2015-01-19 00:10 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-19 00:10 - 2015-01-19 00:10 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-19 00:10 - 2015-01-19 00:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-19 00:10 - 2015-01-19 00:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-19 00:10 - 2015-01-19 00:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-19 00:09 - 2015-01-19 00:09 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-19 00:08 - 2015-01-19 00:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-19 00:08 - 2015-01-19 00:08 - 05006864 _____ (AVAST Software) C:\Users\Steve\Downloads\avast_free_antivirus_setup_online.exe
2015-01-18 23:24 - 2015-01-18 23:24 - 00000000 ____D () C:\ProgramData\BitDefender
2015-01-18 23:20 - 2015-01-18 23:58 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Lavasoft
2015-01-18 23:20 - 2015-01-18 23:20 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-18 23:20 - 2015-01-18 23:20 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-18 23:20 - 2015-01-18 23:20 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-18 23:20 - 2015-01-18 23:20 - 00000246 _____ () C:\prefs.js
2015-01-18 23:20 - 2015-01-18 23:20 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\LavasoftStatistics
2015-01-18 23:20 - 2015-01-18 23:20 - 00000000 ____D () C:\Users\Steve\AppData\Local\Lavasoft
2015-01-18 23:20 - 2015-01-18 23:20 - 00000000 ____D () C:\searchplugins
2015-01-18 23:20 - 2015-01-18 23:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-01-18 23:20 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-18 23:20 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-18 23:20 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-01-18 23:19 - 2015-01-22 14:37 - 00002352 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-01-18 23:19 - 2015-01-18 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-01-18 23:19 - 2015-01-18 23:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-01-18 23:19 - 2015-01-18 23:19 - 00000000 ____D () C:\Program Files\Lavasoft
2015-01-18 23:19 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-01-18 23:19 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-01-18 23:19 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-01-18 23:19 - 2014-10-09 10:08 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-01-18 23:19 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-01-18 23:19 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-01-18 23:19 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-01-18 23:18 - 2015-01-18 23:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-18 23:18 - 2015-01-18 23:18 - 01924232 _____ () C:\Users\Steve\Downloads\Adaware_Installer.exe
2015-01-18 23:18 - 2015-01-18 23:18 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-01-16 12:11 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 12:11 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 12:11 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-16 12:11 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-16 12:11 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-16 12:11 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-16 12:11 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 12:11 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 12:11 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-16 12:11 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-16 12:11 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-16 12:11 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-16 12:11 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-16 12:11 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-16 12:11 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-16 12:11 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-16 12:11 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-16 12:11 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-16 12:11 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-16 12:11 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-16 12:11 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-16 12:11 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-16 12:11 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 12:11 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-16 12:11 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 06:10 - 2015-01-13 06:10 - 00286504 _____ () C:\Windows\Minidump\011315-5156-01.dmp
2015-01-13 02:32 - 2015-01-23 11:14 - 00000000 ____D () C:\ProgramData\WRData
2015-01-13 02:32 - 2015-01-19 22:32 - 00000000 ____D () C:\Program Files\Webroot
2015-01-13 02:32 - 2015-01-16 03:23 - 00000000 ____D () C:\Users\Steve\AppData\Local\lptmp671532253
2015-01-13 02:32 - 2015-01-16 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-01-13 02:32 - 2015-01-13 02:32 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-01-13 02:32 - 2015-01-13 02:32 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-01-13 02:32 - 2015-01-13 02:32 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-01-13 02:31 - 2015-01-13 02:31 - 00773256 _____ (Webroot) C:\Users\Steve\Downloads\wsainstall.exe
2015-01-13 01:41 - 2015-01-17 00:40 - 00000000 ____D () C:\Users\Steve\AppData\Local\GeniusBox
2015-01-13 01:41 - 2015-01-13 01:41 - 00004470 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-13 01:41 - 2015-01-13 01:41 - 00004260 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-13 01:41 - 2015-01-13 01:41 - 00003866 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-13 01:39 - 2015-01-13 01:39 - 00000000 ____D () C:\ProgramData\ZombieNews
2015-01-13 01:39 - 2015-01-13 01:39 - 00000000 ____D () C:\ProgramData\MxyxGoyv
2015-01-13 01:38 - 2015-01-23 10:51 - 00001790 _____ () C:\Windows\Tasks\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10_user.job
2015-01-13 01:38 - 2015-01-13 01:38 - 00003402 _____ () C:\Windows\System32\Tasks\DonutQuotes
2015-01-13 01:38 - 2015-01-13 01:38 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-13 01:37 - 2015-01-19 00:43 - 00000000 ____D () C:\Program Files (x86)\HD-Quality-3.1V12.01
2015-01-13 01:37 - 2015-01-13 01:44 - 00000000 ____D () C:\ProgramData\donutleads
2015-01-13 01:36 - 2015-01-13 01:36 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\WebTest
2015-01-13 01:36 - 2015-01-13 01:36 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameHug Arcade
2015-01-13 01:36 - 2015-01-13 01:36 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\GameHugArcade
2015-01-13 01:35 - 2015-01-13 01:35 - 00004020 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-13 01:34 - 2015-01-16 03:23 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-01-13 01:33 - 2015-01-16 00:27 - 00000000 ____D () C:\Program Files (x86)\Consumer Input
2015-01-12 00:37 - 2015-01-18 23:24 - 00000000 ____D () C:\Users\Steve\AppData\Local\AECFEF08-3434-D344-986F-FE596AF4906D
2015-01-12 00:37 - 2015-01-12 00:37 - 00004628 _____ () C:\Windows\System32\Tasks\Runner IC
2015-01-12 00:31 - 2015-01-12 00:31 - 00000000 ____D () C:\ProgramData\1a61ae3c00004b9f
2015-01-12 00:28 - 2015-01-12 00:28 - 00000000 ____D () C:\shoplog
2015-01-12 00:16 - 2015-01-12 00:16 - 00000000 ____D () C:\Users\Steve\Documents\Optimizer Pro
2015-01-12 00:12 - 2015-01-16 03:22 - 00000000 ____D () C:\Users\Steve\AppData\Local\BoBrowser
2015-01-12 00:12 - 2015-01-12 00:12 - 00003154 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2015-01-12 00:11 - 2015-01-12 00:32 - 00006424 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-01-12 00:11 - 2015-01-12 00:32 - 00004160 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-01-12 00:11 - 2015-01-12 00:32 - 00004160 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-12 00:11 - 2015-01-12 00:26 - 00002163 _____ () C:\Windows\patsearch.bin
2015-01-12 00:11 - 2015-01-12 00:11 - 00003760 _____ () C:\Windows\System32\Tasks\TLCPDTCNSQ
2015-01-12 00:11 - 2015-01-12 00:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHK_01009.Wdf
2015-01-12 00:11 - 2015-01-12 00:11 - 00000000 ____D () C:\ProgramData\PicColorData
2015-01-12 00:10 - 2015-01-16 03:23 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-01-12 00:10 - 2015-01-13 02:36 - 00000000 ____D () C:\ProgramData\99c411729d5d42c2bf3613b8099bda9b
2015-01-12 00:10 - 2015-01-12 00:10 - 00003406 _____ () C:\Windows\System32\Tasks\LuckyTab
2015-01-12 00:10 - 2015-01-12 00:10 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\SimpleFiles
2015-01-09 00:38 - 2015-01-09 00:38 - 00285656 _____ () C:\Windows\Minidump\010915-4812-01.dmp
2014-12-30 09:20 - 2014-12-30 09:20 - 00284416 _____ () C:\Windows\Minidump\123014-5296-01.dmp
2014-12-27 08:58 - 2014-12-27 08:58 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-26 14:02 - 2014-12-27 08:58 - 00001267 _____ () C:\Users\Steve\Desktop\Chromecast.lnk
2014-12-25 20:53 - 2014-12-25 20:53 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 11:14 - 2014-01-08 12:17 - 01149619 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 11:10 - 2014-08-08 09:54 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 11:02 - 2014-08-08 09:47 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{967685BC-2EDE-4294-ACAD-DC5EFB7C69C5}
2015-01-23 11:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-23 10:55 - 2014-01-08 12:15 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 10:51 - 2014-08-09 01:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 10:28 - 2014-09-14 13:16 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376318163-454353977-2922242483-1001UA.job
2015-01-23 07:28 - 2014-09-14 13:16 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376318163-454353977-2922242483-1001Core.job
2015-01-22 19:10 - 2014-08-08 09:54 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 16:35 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-22 16:23 - 2014-08-08 12:28 - 00004736 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for UltraSharik-Steve UltraSharik
2015-01-22 16:12 - 2014-08-08 09:28 - 00000000 __RDO () C:\Users\Steve\SkyDrive
2015-01-22 14:55 - 2014-08-08 09:32 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1376318163-454353977-2922242483-1001
2015-01-22 14:36 - 2013-08-22 09:46 - 00018067 _____ () C:\Windows\setupact.log
2015-01-22 14:36 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 14:35 - 2013-08-22 08:25 - 09175040 ___SH () C:\Windows\system32\config\BBI
2015-01-22 14:19 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-22 13:22 - 2014-08-08 09:26 - 00000000 ____D () C:\Users\Steve
2015-01-22 13:22 - 2014-01-08 12:07 - 00095004 _____ () C:\Windows\PFRO.log
2015-01-21 23:47 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 16:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 23:04 - 2014-08-08 22:50 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-19 22:12 - 2014-08-10 09:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 22:09 - 2014-08-10 09:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 19:41 - 2014-08-08 18:09 - 00010653 _____ () C:\WirelessDiagLog.csv
2015-01-19 13:34 - 2014-01-08 12:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-19 13:21 - 2014-01-08 12:18 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-16 03:23 - 2014-08-08 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 03:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\WinMetadata
2015-01-16 03:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\WinMetadata
2015-01-16 03:23 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2015-01-16 03:23 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-01-16 03:22 - 2014-08-08 09:54 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 06:10 - 2014-08-11 23:02 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 06:10 - 2014-08-11 23:01 - 1154168422 _____ () C:\Windows\MEMORY.DMP
2015-01-13 04:12 - 2014-08-19 17:24 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Spotify
2015-01-13 04:04 - 2014-08-19 17:24 - 00000000 ____D () C:\Users\Steve\AppData\Local\Spotify
2015-01-12 00:40 - 2014-08-10 08:26 - 00000000 ____D () C:\Users\Steve\Desktop\Desktop icons
2015-01-12 00:17 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini
2015-01-08 22:47 - 2014-09-22 14:10 - 00189952 ___SH () C:\Users\Steve\Downloads\Thumbs.db
2015-01-05 19:08 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 19:08 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 06:14 - 2014-08-08 22:33 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 16:48 - 2014-08-08 09:27 - 00000000 ____D () C:\Users\Steve\AppData\Local\Packages
2014-12-27 08:58 - 2014-08-08 09:54 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2014-12-25 00:17 - 2014-08-08 10:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
 
==================== Files in the root of some directories =======
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Steve\AppData\Roaming\VHZEO
2015-01-19 13:52 - 2015-01-19 13:52 - 0002122 _____ () C:\Users\Steve\AppData\Local\DolphinLog.txt
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\22ba836c-b952-4eef-a8e5-0d68d0cc278e.exe
C:\Users\Steve\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve\AppData\Local\Temp\SpOrder.dll
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll
C:\Users\Steve\AppData\Local\Temp\ut4-_mac.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-18 03:16
 
==================== End Of Log ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,241 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 January 2015 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_633] => [X]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
ShortcutTarget: GameHugArcadeApp.lnk -> C:\Users\Steve\AppData\Roaming\GameHugArcade\GameHug Arcade\GameHugArcadeApp.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKU\S-1-5-21-1376318163-454353977-2922242483-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324803&octid=EB_ORIGINAL_CTID&ISID=M1F0A2FF9-ABB9-41F5-8988-E8A70B6B925A&SearchSource=58&CUI=&UM=8&UP=SP1A2A51D8-C1DF-4659-8F69-22E7AFB1CC31&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10088_cnet_150119&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO-x32: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
CHR StartupUrls: Default -> "https://www.google.com/webhp?sourceid=chrome-instant&rlz=1C1CHFX_enUS600US600&ion=1&espv=2&ie=UTF-8"
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
Task: {19DB5CBB-C88A-4878-A65B-7706A491ADC6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {8A76533A-E7AB-467F-95FF-4051048E3FF6} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {A4ABE270-5264-442A-89C6-EC92F881726E} - System32\Tasks\Run_Bobby_Browser => C:\Users\Steve\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {B3A595BD-F5E7-441B-9249-273B9E3D73F8} - System32\Tasks\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10_user => C:\Program Files (x86)\HD-Quality-3.1V12.01\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10.exe <==== ATTENTION
Task: {BCCADF3B-55FE-44F7-AC78-66AAD0C11AC1} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe <==== ATTENTION
Task: C:\Windows\Tasks\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10_user.job => C:\Program Files (x86)\HD-Quality-3.1V12.01\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10.exe <==== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
C:\Program Files (x86)\HD-Quality-3.1V12.01
C:\Program Files (x86)\LuckyTab
C:\Program Files (x86)\MyPC Backup
C:\Users\Steve\AppData\Local\BoBrowser

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Machine won't allow adwcleaner to work
Is the .exe file on your desktop?
If not, place it there and run it as an Administrator. Post the log if you can.

How is the computer running now?
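
The fix above is built by hand: FRST annotates what it cannot resolve ("No File", "[X]", "No ImagePath", "<==== ATTENTION"), and the helper copies the offending log lines verbatim into fixlist.txt and adds the install folders to be deleted. As an added example that is not part of this thread and not FRST's own code, the following Python script automates that first triage pass over FRST-style log lines. The sample log is constructed from the entries quoted earlier in the thread; the trusted-search-host allowlist, the "task runs from AppData" rule and the install-folder heuristic are my assumptions, not FRST rules. A flagged line is a prompt to look, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample log, modelled on the FRST entries quoted earlier in this thread.
# Some lines are deliberately benign so the script has something to leave alone.
SAMPLE_LOG = r"""
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324803&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1376318163-454353977-2922242483-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&q={searchTerms}
BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-08]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
U2 srservice; No ImagePath
Task: {A4ABE270-5264-442A-89C6-EC92F881726E} - System32\Tasks\Run_Bobby_Browser => C:\Users\Steve\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {8A76533A-E7AB-467F-95FF-4051048E3FF6} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10_user.job => C:\Program Files (x86)\HD-Quality-3.1V12.01\9bfcf523-7f20-4d8b-be7a-6d30dd87d95b-10.exe <==== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
"""

# FRST's own annotations for entries it could not resolve or wants a human to look at.
FRST_MARKERS = ("<==== ATTENTION", "<===== ATTENTION!", " No File", "No Task File", "[X]", "No ImagePath")

# Assumed allowlist of search providers a user might legitimately have; any other host is reported.
TRUSTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")

_SEARCH_URL = re.compile(r"URL = (\S*)")
_TASK_TARGET = re.compile(r"=> (.+?\.exe)\b", re.IGNORECASE)
# Assumed install-folder heuristic, mirroring the folders listed in the fixlist above:
# the first folder below Program Files / Program Files (x86) or below the user's AppData\Local|Roaming.
_INSTALL_ROOT = re.compile(
    r"^(C:\\Program Files(?: \(x86\))?\\[^\\]+|C:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\[^\\]+)",
    re.IGNORECASE,
)


def _host_is_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_SEARCH_HOSTS)


def classify(line):
    """Return the reasons one FRST log line is suspicious (empty list means nothing was flagged)."""
    reasons = []
    for marker in FRST_MARKERS:
        if marker in line:
            reasons.append(f"FRST marker {marker.strip()!r}")
            break
    if line.startswith("SearchScopes:"):
        m = _SEARCH_URL.search(line)
        url = m.group(1) if m else ""
        if url and not _host_is_trusted(url):
            reasons.append(f"search scope points at untrusted host {urlparse(url).hostname}")
    # A per-user Software\Classes\.exe or exefile key overrides the machine-wide .exe handler.
    if re.match(r"HKU\\[^\\]+\\Software\\Classes\\(\.exe|exefile)", line):
        reasons.append("per-user override of the .exe file association")
    m = _TASK_TARGET.search(line)
    if line.startswith("Task:") and m and "\\AppData\\" in m.group(1):
        reasons.append("scheduled task runs an executable from the user profile")
    return reasons


def install_folder(line):
    """Install folder of a flagged task target, in the style of the fixlist above; None if not applicable."""
    m = _TASK_TARGET.search(line)
    if not m:
        return None
    root = _INSTALL_ROOT.match(m.group(1))
    return root.group(1) if root else None


def triage(log_text):
    """Yield (line, reasons) for every flagged line of an FRST log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = classify(line)
        if reasons:
            yield line, reasons


def build_fixlist(log_text):
    """Flagged log lines verbatim (FRST removes the entry), then install folders (FRST deletes the folder)."""
    entries, folders = [], []
    for line, _ in triage(log_text):
        entries.append(line)
        folder = install_folder(line)
        if folder and folder not in folders:
            folders.append(folder)
    return entries + folders


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{'; '.join(reasons)}\n    {line}")
    print("\n--- candidate fixlist.txt (read it before clicking Fix) ---")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```

Note what the script does not catch: the shopperz Firefox extension and the leftover Google Wallet entry carry no FRST marker and match none of the structural rules, so they pass, whereas the hand-built fixlist above removes them. The script only mechanises FRST's own annotations plus a few structural checks; reading the rest of the log still needs an analyst. Never run a generated fixlist unread: FRST deletes any plain file or folder path listed in it, and the install-folder heuristic will happily name a legitimate program's folder if its task was flagged.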

#3 coach maverick

  • Topic Starter
  • Members
  • 7 posts

Posted 25 January 2015 - 11:07 AM

Even with running as Administrator, I get the following message: "This app can't run on your PC. To find a version for your PC, check with the software publisher." Adwcleaner states the version I have will work on Windows 8.1, 64-bit. What gives?

 

Machine is still infected; Fixlog.txt attached.
#4 nasdaq

  • Malware Response Team
  • 38,241 posts
  • Location:Montreal, QC. Canada

Posted 26 January 2015 - 08:38 AM


The fix was completed correctly.

It looks like a compatibility mode issue.
Check these articles.

http://windows.microsoft.com/en-CA/windows-8/get-apps-devices-working
http://windows.microsoft.com/en-ca/windows-8/older-programs-compatible-version-windows

---

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome".

Click "Settings" then "Show advanced settings" at the bottom of the screen.

Click "Reset browser settings" button.

Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

If the problem persists execute this.

Restore your Windows 7 to the Last Known Good Configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#5 coach maverick

  • Topic Starter
  • Members
  • 7 posts

Posted 26 January 2015 - 10:47 AM

Thank you very much.  Seems to be running fine again.



#6 nasdaq

  • Malware Response Team
  • 38,241 posts
  • Location:Montreal, QC. Canada

Posted 26 January 2015 - 01:44 PM

If all is well:

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 nasdaq

  • Malware Response Team
  • 38,241 posts
  • Location:Montreal, QC. Canada

Posted 01 February 2015 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



