
Ambiguous slowing, and Consistent DNS errors


  • This topic is locked
5 replies to this topic

#1 cleffgo


Posted 27 June 2015 - 08:23 PM

Hello,

 

I'm at my wits' end with this, and have tried everything I know and can find. This is an older Asus laptop that's just used for browsing and Office. I've tried for the last two months (though not that consistently) working through disk cleanups, Malwarebytes scans, SFC scans, AVG scans, and WinSock resets, to no avail. This is my next step in attempting to fix these issues.

 

Virtually every new page I browse to receives a DNS_probe_finished_no_internet first before refreshing and then a successful connection. At one point I found that the NIC was using IPv6 and used the Microsoft Fixit to change that back to prefer IPv4, which hasn't helped.

 

Sorry to be so vague, but like I said, this is my next step before trying to isolate hardware issues.

 

Thanks in advance for all your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Suzy (ATTENTION: The logged in user is not administrator) on SUZY-PC on 27-06-2015 18:02:03
Running from C:\Users\Suzy\Downloads
Loaded Profiles: Suzy & Suzy Admin (Available Profiles: Suzy & Suzy Admin)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> avgrsa.exe
Failed to access process -> avgcsrva.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> WtuSystemSupport.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AsLdrSrv.exe
Failed to access process -> GFNEXSrv.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> avgidsagent.exe
Failed to access process -> avgwdsvc.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> FitbitConnectService.exe
Failed to access process -> mdm.exe
Failed to access process -> svchost.exe
Failed to access process -> SRS_VolSync.exe
Failed to access process -> svchost.exe
Failed to access process -> vds.exe
Failed to access process -> VSSVC.exe
Failed to access process -> ToolbarUpdater.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> loggingserver.exe
Failed to access process -> ShadowProtectSvc.exe
Failed to access process -> taskeng.exe
Failed to access process -> HControl.exe
Failed to access process -> MsgTranAgt64.exe
Failed to access process -> ACMON.exe
Failed to access process -> wcourier.exe
Failed to access process -> ACEngSvr.exe
Failed to access process -> avgnsa.exe
Failed to access process -> vsnapvss.exe
Failed to access process -> SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Failed to access process -> Atouch64.exe
Failed to access process -> WmiPrvSE.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
Failed to access process -> ATKOSD.exe
Failed to access process -> avgemca.exe
Failed to access process -> KBFiltr.exe
Failed to access process -> WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> iPodService.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
Failed to access process -> svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7573024 2009-03-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [616832 2009-05-07] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1126400 2008-09-30] (ATK)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-06] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-05-05] ()
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [260608 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...\Run: [SRS Premium Sound] => C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3728632 2009-04-07] (SRS Labs, Inc.)
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-06-13]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-06-13]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={75A6A5EE-B654-4376-9BF5-D0347D2E6A96}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 21:07:56&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
URLSearchHook: HKU\S-1-5-21-962365930-433620830-3365183425-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: [S-1-5-21-962365930-433620830-3365183425-1002] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {396CFCF0-C804-41CD-8024-51394AE1850E} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120519,17118,0,18,0
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_en
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={75A6A5EE-B654-4376-9BF5-D0347D2E6A96}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-10 21:07:56&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-13] (LastPass)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-05] (AVG)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-13] (LastPass)
BHO-x32: MP3 Rocket Downloader -> {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -> C:\Windows\SysWOW64\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-13] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-13] (LastPass)
Toolbar: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1E6D8B62-C628-401B-9545-3D599B326839}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3982AB16-DB61-4AB1-99AB-5CFEA39CC39F}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\b4tyiica.default
FF Homepage: hxxp://mysearch.avg.com?cid={BE46F088-A0D2-4C70-99E9-87B4367F1974}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-05 06:42:28&v=17.3.1.204&pid=safeguard&sg=&sap=hp
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-26] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-13] (LastPass)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-13] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Suzy\AppData\Roaming\Mozilla\Firefox\Profiles\b4tyiica.default\Extensions\support@lastpass.com [2015-06-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2011-11-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-25]
CHR Extension: (Google Search) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-25]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.Z6EG5RNJ6JBFGEFBSQ5WEND4XI - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2013-04-19] (StorageCraft Technology Corporation)
R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [81120 2009-04-07] (SRS Labs, Inc.)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2013-04-19] (StorageCraft Technology Corporation)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-02-27] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-05-05] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104152 2006-11-25] (EZB Systems, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-03-31] (Atheros Communications, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-12-03] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2013-04-19] (StorageCraft Technology Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1820672 2008-08-10] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [342952 2009-04-01] ()
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2013-04-19] (StorageCraft Technology Corporation)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 18:02 - 2015-06-27 18:02 - 00023491 _____ C:\Users\Suzy\Downloads\FRST.txt
2015-06-27 18:01 - 2015-06-27 18:02 - 00000000 ____D C:\FRST
2015-06-27 18:01 - 2015-06-27 18:01 - 02112512 _____ (Farbar) C:\Users\Suzy\Downloads\FRST64.exe
2015-06-27 17:07 - 2015-06-27 17:07 - 00000787 _____ C:\Users\Suzy\Desktop\FixWMI.vbs
2015-06-27 16:19 - 2015-06-27 16:19 - 01114112 _____ C:\Users\Suzy\Downloads\MicrosoftFixit50410.msi
2015-06-27 12:57 - 2015-06-27 12:57 - 00001553 _____ C:\Users\Suzy\Desktop\Clear Memory.lnk
2015-06-27 12:40 - 2015-06-27 12:40 - 00665600 _____ C:\Users\Suzy\Downloads\MicrosoftFixit50656.msi
2015-06-20 09:28 - 2015-06-20 09:28 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\LastPass
2015-06-14 12:22 - 2015-06-14 12:22 - 00013055 _____ C:\Users\Suzy\Downloads\Suzy_Day_Sunrun_06012014_06142015.csv
2015-06-13 11:57 - 2015-06-13 11:57 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (7).ics
2015-06-13 11:56 - 2015-06-13 11:56 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (6).ics
2015-06-13 11:56 - 2015-06-13 11:56 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (5).ics
2015-06-13 11:55 - 2015-06-13 11:55 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (4).ics
2015-06-13 11:54 - 2015-06-13 11:54 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (3).ics
2015-06-13 11:54 - 2015-06-13 11:54 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (2).ics
2015-06-13 11:53 - 2015-06-13 11:53 - 00000340 _____ C:\Users\Suzy\Downloads\appointment.ics
2015-06-13 11:53 - 2015-06-13 11:53 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (1).ics
2015-06-13 08:07 - 2015-06-13 08:08 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-06-13 08:07 - 2015-06-13 08:07 - 00001152 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-06-13 08:07 - 2015-06-13 08:07 - 00000000 ____D C:\Users\Suzy Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-06-13 08:07 - 2015-06-13 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-06-13 08:05 - 2015-06-13 08:06 - 16258616 _____ (LastPass) C:\Users\Suzy\Downloads\lastpass_x64.exe
2015-06-11 22:41 - 2015-06-11 22:41 - 00000952 _____ C:\Users\Public\Desktop\MP3 Rocket 7.3.1 PRO.lnk
2015-06-11 22:41 - 2015-06-11 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2015-06-11 22:37 - 2015-06-11 22:40 - 18150912 _____ C:\Users\Suzy\Downloads\mp3rocket-pro (8).exe
2015-06-10 19:13 - 2015-06-10 19:13 - 02740806 _____ C:\Users\Suzy\Downloads\SOX5810J.86A.5600.BI.ZIP
2015-06-10 03:32 - 2015-05-08 16:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 03:32 - 2015-05-08 16:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:28 - 2015-05-04 15:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 03:28 - 2015-05-04 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 03:28 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 03:28 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 03:28 - 2015-05-04 15:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:28 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:28 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:28 - 2015-05-04 15:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:28 - 2015-05-04 14:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:28 - 2015-05-04 14:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 03:26 - 2015-05-21 07:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:07 - 2015-04-24 08:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 03:07 - 2015-04-24 08:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 21:12 - 2015-05-30 17:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 21:12 - 2015-05-30 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 21:11 - 2015-05-30 18:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:11 - 2015-05-30 17:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 21:11 - 2015-05-30 17:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 21:11 - 2015-05-30 17:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 21:11 - 2015-05-30 17:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 21:11 - 2015-05-30 17:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 21:11 - 2015-05-30 17:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 21:11 - 2015-05-30 17:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 21:11 - 2015-05-30 17:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-09 21:11 - 2015-05-30 17:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 21:11 - 2015-05-30 16:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 21:11 - 2015-05-30 16:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 21:11 - 2015-05-30 16:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 21:11 - 2015-05-30 16:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 21:11 - 2015-05-30 16:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 21:11 - 2015-05-30 16:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 21:11 - 2015-05-30 16:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 21:11 - 2015-05-30 16:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 21:11 - 2015-05-30 16:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-09 21:11 - 2015-05-30 16:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 21:11 - 2015-05-30 16:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 21:11 - 2015-05-30 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 21:11 - 2015-05-30 16:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-09 21:11 - 2015-05-30 16:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D C:\Users\Suzy\AppData\Local\Avg
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D C:\Users\Suzy Admin\AppData\Local\Avg
2015-05-31 13:13 - 2015-05-31 13:13 - 00294812 _____ C:\Users\Suzy\Desktop\Picture Concentration.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 17:59 - 2012-04-12 16:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-27 17:34 - 2009-06-19 10:36 - 01089948 _____ C:\Windows\WindowsUpdate.log
2015-06-27 17:31 - 2014-08-17 17:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-27 17:30 - 2014-08-17 17:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 17:30 - 2011-11-08 12:06 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-06-27 17:29 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 17:29 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-27 17:29 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-27 17:27 - 2006-11-02 08:42 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-27 16:31 - 2011-11-09 15:46 - 00000000 ____D C:\Users\Suzy Admin
2015-06-27 10:19 - 2014-01-12 13:48 - 00000000 ____D C:\ProgramData\MFAData
2015-06-26 03:59 - 2012-04-12 16:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-26 03:59 - 2011-11-08 14:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-25 14:01 - 2014-11-13 16:31 - 00000879 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-25 14:01 - 2014-08-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-24 22:21 - 2015-03-31 07:52 - 01936912 _____ C:\Users\Suzy\Documents\2015 - CHASE Checking Account.xlsx
2015-06-22 11:37 - 2014-08-17 18:01 - 00002032 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 08:19 - 2011-11-09 21:41 - 00000000 ____D C:\Users\Suzy\Documents\CONNOR
2015-06-11 22:45 - 2013-02-06 22:08 - 00000000 ____D C:\Users\Suzy Admin\Incomplete
2015-06-11 22:44 - 2014-07-30 18:43 - 00000000 ____D C:\Users\Suzy\AppData\Local\CrashDumps
2015-06-11 22:44 - 2013-02-06 22:07 - 00000000 ____D C:\Users\Suzy Admin\AppData\Roaming\MP3Rocket
2015-06-11 22:44 - 2011-11-09 11:23 - 00000000 ____D C:\Program Files (x86)\MP3 Rocket
2015-06-11 22:41 - 2006-11-02 05:46 - 00763734 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 22:40 - 2013-05-08 11:17 - 00000732 _____ C:\Users\Suzy\AppData\Local\d3d9caps64.dat
2015-06-11 22:37 - 2012-01-27 17:14 - 00000000 ____D C:\Users\Suzy\Incomplete
2015-06-10 21:24 - 2014-02-25 10:34 - 00000000 ____D C:\Windows\Minidump
2015-06-10 04:21 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2015-06-10 04:02 - 2006-11-02 08:21 - 00387456 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:32 - 2008-09-19 04:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 03:26 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:08 - 2006-11-02 05:35 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-31 12:13 - 2015-03-01 17:44 - 00000000 ____D C:\Users\Suzy\Desktop\Fidelity
 
==================== Files in the root of some directories =======
 
2015-06-13 08:08 - 2015-06-13 08:08 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-01-25 23:10 - 2015-01-25 23:10 - 0038437 _____ () C:\Users\Suzy\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-05-02 12:18 - 2015-05-02 12:18 - 0012969 _____ () C:\Users\Suzy\AppData\Roaming\Comma Separated Values (Windows).CAL
2011-12-18 11:33 - 2011-12-18 11:33 - 0024226 _____ () C:\Users\Suzy\AppData\Roaming\UserTile.png
2011-11-27 17:06 - 2011-11-27 17:06 - 0000680 _____ () C:\Users\Suzy\AppData\Local\d3d9caps.dat
2013-05-08 11:17 - 2015-06-11 22:40 - 0000732 _____ () C:\Users\Suzy\AppData\Local\d3d9caps64.dat
2011-11-08 16:17 - 2014-07-30 07:21 - 0017408 _____ () C:\Users\Suzy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-09 11:27 - 2011-11-09 11:27 - 0423480 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI02BF.txt
2012-05-20 22:50 - 2012-05-20 22:50 - 0361564 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI7543.txt
2012-05-20 22:50 - 2012-05-20 22:51 - 0423352 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistMSI7560.txt
2011-11-09 11:27 - 2011-11-09 11:27 - 0012308 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI02BF.txt
2012-05-20 22:50 - 2012-05-20 22:50 - 0011426 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI7543.txt
2012-05-20 22:50 - 2012-05-20 22:51 - 0011472 _____ () C:\Users\Suzy\AppData\Local\dd_vcredistUI7560.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
 
==================== End of log ============================

#2 cleffgo


Posted 27 June 2015 - 08:28 PM

I realized after I posted that I didn't run FRST as admin. Re-ran FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Suzy Admin (administrator) on SUZY-PC on 27-06-2015 18:26:26
Running from C:\Users\Suzy\Downloads
Loaded Profiles: Suzy & Suzy Admin (Available Profiles: Suzy & Suzy Admin)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(StorageCraft Technology Corporation) C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7573024 2009-03-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [616832 2009-05-07] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [159744 2009-04-20] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [8392704 2009-03-04] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [1126400 2008-09-30] (ATK)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1593344 2009-02-06] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-05-05] ()
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [260608 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...\Run: [SRS Premium Sound] => C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe [3728632 2009-04-07] (SRS Labs, Inc.)
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-962365930-433620830-3365183425-1000\$d33821637e9747f824fbb441cd7d67eb\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-962365930-433620830-3365183425-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Suzy Admin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-06-13]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-06-13]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-962365930-433620830-3365183425-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={75A6A5EE-B654-4376-9BF5-D0347D2E6A96}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-10 21:07:56&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-962365930-433620830-3365183425-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-962365930-433620830-3365183425-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
URLSearchHook: HKU\S-1-5-21-962365930-433620830-3365183425-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {396CFCF0-C804-41CD-8024-51394AE1850E} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120519,17118,0,18,0
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_en
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={75A6A5EE-B654-4376-9BF5-D0347D2E6A96}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-10 21:07:56&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1002 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-13] (LastPass)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-05] (AVG)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-13] (LastPass)
BHO-x32: MP3 Rocket Downloader -> {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -> C:\Windows\SysWOW64\mscoree.dll [2009-11-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-13] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-13] (LastPass)
Toolbar: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1E6D8B62-C628-401B-9545-3D599B326839}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3982AB16-DB61-4AB1-99AB-5CFEA39CC39F}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-26] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-13] (LastPass)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-13] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2011-11-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-17]
CHR Extension: (Google Drive) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
CHR Extension: (YouTube) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-17]
CHR Extension: (Google Search) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-15]
CHR Extension: (Google Wallet) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
CHR Extension: (Gmail) - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.Z6EG5RNJ6JBFGEFBSQ5WEND4XI - C:\Users\Suzy Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ShadowProtectSvc; C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4672336 2013-04-19] (StorageCraft Technology Corporation)
R2 SRS_VolSync_Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [81120 2009-04-07] (SRS Labs, Inc.)
R2 VSNAPVSS; C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe [71976 2013-04-19] (StorageCraft Technology Corporation)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-02-27] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-05-05] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104152 2006-11-25] (EZB Systems, Inc.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2008-11-03] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-03-31] (Atheros Communications, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-12-03] (Lavasoft AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 sbmount; C:\Windows\System32\Drivers\sbmount.sys [116008 2013-04-19] (StorageCraft Technology Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1820672 2008-08-10] ()
R3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\srs_PremiumSound_amd64.sys [342952 2009-04-01] ()
R0 stcvsm; C:\Windows\System32\DRIVERS\stcvsm.sys [277288 2013-04-19] (StorageCraft Technology Corporation)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 18:03 - 2015-06-27 18:03 - 00038384 _____ C:\Users\Suzy\Downloads\Addition.txt
2015-06-27 18:02 - 2015-06-27 18:26 - 00022779 _____ C:\Users\Suzy\Downloads\FRST.txt
2015-06-27 18:01 - 2015-06-27 18:26 - 00000000 ____D C:\FRST
2015-06-27 18:01 - 2015-06-27 18:01 - 02112512 _____ (Farbar) C:\Users\Suzy\Downloads\FRST64.exe
2015-06-27 17:07 - 2015-06-27 17:07 - 00000787 _____ C:\Users\Suzy\Desktop\FixWMI.vbs
2015-06-27 16:19 - 2015-06-27 16:19 - 01114112 _____ C:\Users\Suzy\Downloads\MicrosoftFixit50410.msi
2015-06-27 12:57 - 2015-06-27 12:57 - 00001553 _____ C:\Users\Suzy\Desktop\Clear Memory.lnk
2015-06-27 12:40 - 2015-06-27 12:40 - 00665600 _____ C:\Users\Suzy\Downloads\MicrosoftFixit50656.msi
2015-06-20 09:28 - 2015-06-20 09:28 - 00000000 ____D C:\Users\Suzy\AppData\Roaming\LastPass
2015-06-14 12:22 - 2015-06-14 12:22 - 00013055 _____ C:\Users\Suzy\Downloads\Suzy_Day_Sunrun_06012014_06142015.csv
2015-06-13 11:57 - 2015-06-13 11:57 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (7).ics
2015-06-13 11:56 - 2015-06-13 11:56 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (6).ics
2015-06-13 11:56 - 2015-06-13 11:56 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (5).ics
2015-06-13 11:55 - 2015-06-13 11:55 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (4).ics
2015-06-13 11:54 - 2015-06-13 11:54 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (3).ics
2015-06-13 11:54 - 2015-06-13 11:54 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (2).ics
2015-06-13 11:53 - 2015-06-13 11:53 - 00000340 _____ C:\Users\Suzy\Downloads\appointment.ics
2015-06-13 11:53 - 2015-06-13 11:53 - 00000340 _____ C:\Users\Suzy\Downloads\appointment (1).ics
2015-06-13 08:07 - 2015-06-13 08:08 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-06-13 08:07 - 2015-06-13 08:07 - 00001152 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-06-13 08:07 - 2015-06-13 08:07 - 00000000 ____D C:\Users\Suzy Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-06-13 08:07 - 2015-06-13 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-06-13 08:05 - 2015-06-13 08:06 - 16258616 _____ (LastPass) C:\Users\Suzy\Downloads\lastpass_x64.exe
2015-06-11 22:41 - 2015-06-11 22:41 - 00000952 _____ C:\Users\Public\Desktop\MP3 Rocket 7.3.1 PRO.lnk
2015-06-11 22:41 - 2015-06-11 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
2015-06-11 22:37 - 2015-06-11 22:40 - 18150912 _____ C:\Users\Suzy\Downloads\mp3rocket-pro (8).exe
2015-06-10 19:13 - 2015-06-10 19:13 - 02740806 _____ C:\Users\Suzy\Downloads\SOX5810J.86A.5600.BI.ZIP
2015-06-10 03:32 - 2015-05-08 16:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 03:32 - 2015-05-08 16:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:28 - 2015-05-04 15:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 03:28 - 2015-05-04 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 03:28 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 03:28 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 03:28 - 2015-05-04 15:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:28 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:28 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:28 - 2015-05-04 15:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:28 - 2015-05-04 14:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:28 - 2015-05-04 14:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 03:26 - 2015-05-21 07:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:07 - 2015-04-24 08:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 03:07 - 2015-04-24 08:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 21:12 - 2015-05-30 17:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 21:12 - 2015-05-30 16:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 21:11 - 2015-05-30 18:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:11 - 2015-05-30 17:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 21:11 - 2015-05-30 17:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 21:11 - 2015-05-30 17:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 21:11 - 2015-05-30 17:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 21:11 - 2015-05-30 17:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 21:11 - 2015-05-30 17:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 21:11 - 2015-05-30 17:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 21:11 - 2015-05-30 17:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 21:11 - 2015-05-30 17:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 21:11 - 2015-05-30 17:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-09 21:11 - 2015-05-30 17:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 21:11 - 2015-05-30 16:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 21:11 - 2015-05-30 16:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 21:11 - 2015-05-30 16:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 21:11 - 2015-05-30 16:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 21:11 - 2015-05-30 16:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 21:11 - 2015-05-30 16:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 21:11 - 2015-05-30 16:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 21:11 - 2015-05-30 16:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 21:11 - 2015-05-30 16:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 21:11 - 2015-05-30 16:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-09 21:11 - 2015-05-30 16:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 21:11 - 2015-05-30 16:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 21:11 - 2015-05-30 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 21:11 - 2015-05-30 16:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-09 21:11 - 2015-05-30 16:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D C:\Users\Suzy\AppData\Local\Avg
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D C:\Users\Suzy Admin\AppData\Local\Avg
2015-05-31 13:13 - 2015-05-31 13:13 - 00294812 _____ C:\Users\Suzy\Desktop\Picture Concentration.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 18:13 - 2013-03-22 07:50 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{085EB22A-1FB7-4D95-B2B2-02544E809841}
2015-06-27 17:59 - 2012-04-12 16:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-27 17:34 - 2009-06-19 10:36 - 01089948 _____ C:\Windows\WindowsUpdate.log
2015-06-27 17:31 - 2014-08-17 17:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-27 17:30 - 2014-08-17 17:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 17:30 - 2011-11-08 12:06 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2015-06-27 17:29 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 17:29 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-27 17:29 - 2006-11-02 08:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-27 17:27 - 2006-11-02 08:42 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-27 16:31 - 2011-11-09 15:46 - 00000000 ____D C:\Users\Suzy Admin
2015-06-27 10:19 - 2014-01-12 13:48 - 00000000 ____D C:\ProgramData\MFAData
2015-06-26 03:59 - 2012-04-12 16:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-26 03:59 - 2012-04-12 16:11 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-26 03:59 - 2011-11-08 14:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-25 14:01 - 2014-11-13 16:31 - 00000879 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-25 14:01 - 2014-08-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-24 22:21 - 2015-03-31 07:52 - 01936912 _____ C:\Users\Suzy\Documents\2015 - CHASE Checking Account.xlsx
2015-06-22 11:37 - 2014-08-17 18:01 - 00002032 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 08:19 - 2011-11-09 21:41 - 00000000 ____D C:\Users\Suzy\Documents\CONNOR
2015-06-11 22:45 - 2013-02-06 22:08 - 00000000 ____D C:\Users\Suzy Admin\Incomplete
2015-06-11 22:44 - 2014-07-30 18:43 - 00000000 ____D C:\Users\Suzy\AppData\Local\CrashDumps
2015-06-11 22:44 - 2013-02-06 22:07 - 00000000 ____D C:\Users\Suzy Admin\AppData\Roaming\MP3Rocket
2015-06-11 22:44 - 2011-11-09 11:23 - 00000000 ____D C:\Program Files (x86)\MP3 Rocket
2015-06-11 22:41 - 2006-11-02 05:46 - 00763734 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 22:40 - 2013-05-08 11:17 - 00000732 _____ C:\Users\Suzy\AppData\Local\d3d9caps64.dat
2015-06-11 22:37 - 2012-01-27 17:14 - 00000000 ____D C:\Users\Suzy\Incomplete
2015-06-10 21:24 - 2014-02-25 10:34 - 00000000 ____D C:\Windows\Minidump
2015-06-10 04:21 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2015-06-10 04:02 - 2006-11-02 08:21 - 00387456 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:32 - 2008-09-19 04:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 03:26 - 2013-08-15 03:06 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:08 - 2006-11-02 05:35 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-31 12:13 - 2015-03-01 17:44 - 00000000 ____D C:\Users\Suzy\Desktop\Fidelity
 
==================== Files in the root of some directories =======
 
2015-06-13 08:08 - 2015-06-13 08:08 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-04-13 19:57 - 2013-04-13 20:04 - 0003584 _____ () C:\Users\Suzy Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-27 17:36
 
==================== End of log ============================


#3 nasdaq

  • Malware Response Team

Posted 29 June 2015 - 09:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-05-05] ()
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-962365930-433620830-3365183425-1000\$d33821637e9747f824fbb441cd7d67eb\n. ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-962365930-433620830-3365183425-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-962365930-433620830-3365183425-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={75A6A5EE-B654-4376-9BF5-D0347D2E6A96}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-10 21:07:56&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2011-11-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-09]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-02-27] (AVG Secure Search)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 cleffgo

  • Topic Starter

Posted 29 June 2015 - 10:36 PM

Already much better. No more DNS errors, and browsing and computer are snappy again. Will you help interpret the results, please? I see a bunch of AVG files got deleted, was this part of the problem?

 

Thanks again for your time and help.

 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Suzy Admin at 2015-06-29 16:55:33 Run:1
Running from C:\Users\Suzy\Downloads
Loaded Profiles: Suzy & Suzy Admin (Available Profiles: Suzy & Suzy Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-05-05] ()
HKU\S-1-5-21-962365930-433620830-3365183425-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-962365930-433620830-3365183425-1000\$d33821637e9747f824fbb441cd7d67eb\n. ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-962365930-433620830-3365183425-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-962365930-433620830-3365183425-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={75A6A5EE-B654-4376-9BF5-D0347D2E6A96}&mid=0e1f9b81add947d2bfc8d16f5ea30a61-efc8aa3738bbf68cc6c2c0881a61c767a0b5aa99&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-12-10 21:07:56&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-962365930-433620830-3365183425-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2011-11-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-09]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-02-27] (AVG Secure Search)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe => No running process found
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value removed successfully
"HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-962365930-433620830-3365183425-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
HKU\S-1-5-21-962365930-433620830-3365183425-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-962365930-433620830-3365183425-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
HKU\S-1-5-21-962365930-433620830-3365183425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.0" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => key removed successfully
vToolbarUpdater18.4.0 => Service removed successfully
Beep => Service removed successfully
catchme => Service removed successfully
IpInIp => Service removed successfully
MREMP50 => Service removed successfully
MREMP50a64 => Service removed successfully
MREMPR5 => Service removed successfully
MRENDIS5 => Service removed successfully
MRESP50 => Service removed successfully
MRESP50a64 => Service removed successfully
NwlnkFlt => Service removed successfully
NwlnkFwd => Service removed successfully
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 16:58:07 ====
 
 
AdwCleaner[S1].txt:
 
# AdwCleaner v4.207 - Logfile created 29/06/2015 at 20:14:03
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Suzy Admin - SUZY-PC
# Running from : C:\Users\Suzy\Downloads\adwcleaner_4.207.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[!] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
[!] Folder Deleted : C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage
File Deleted : C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage-journal
File Deleted : C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16659
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v43.0.2357.130
 
[C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Suzy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : edmgmpmklgfbohogafcfobonnkogchec
[C:\Users\Suzy Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
 
*************************
 
AdwCleaner[R0].txt - [15939 bytes] - [02/08/2014 13:49:02]
AdwCleaner[R1].txt - [3761 bytes] - [29/06/2015 20:10:49]
AdwCleaner[S0].txt - [15122 bytes] - [02/08/2014 14:01:01]
AdwCleaner[S1].txt - [3590 bytes] - [29/06/2015 20:14:03]
 
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [3649  bytes] ##########
 

 



#5 nasdaq

  • Malware Response Team

Posted 30 June 2015 - 07:27 AM


The additional Toolbars installed by AVG are not required for the tool to work correctly.

The worst was caused by the ZeroAccess infection.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

  • Malware Response Team

Posted 04 July 2015 - 08:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



