Discussion Starter #1
Hello

My computer is stuck on the "Shutting Down" screen. I had some adware and viruses that I had removed prior to reading about this group. I do not have the names of the removed viruses or adware and I do not have easy access to a windows install disc or boot disc.

Here are my 2 DDS logs... thanks for any help

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18205
Run by Jen at 16:17:34 on 2016-04-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8120.5996 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\Av\avgrsa.exe
C:\Program Files (x86)\AVG\Av\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPCardEngine.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\AVG\Av\avgidsagent.exe
C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
C:\windows\system32\schtasks.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
C:\Program Files (x86)\AVG\Av\avgnsa.exe
C:\Program Files (x86)\AVG\Av\avgemca.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
C:\windows\system32\taskhost.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\taskeng.exe
c:\program files (x86)\teamviewer\version9\TeamViewer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
mWinlogon: Userinit = userinit.exe,
BHO: HP File Sanitizer: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CF7D46E1-3CF2-49E2-9C56-8096C197A162} : DHCPNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = DPPassFilter scecli
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.75\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jen\Application Data\Mozilla\Firefox\Profiles\dkf33d6x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://mysearch.avg.com?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Jen\AppData\Local\Citrix\Plugins\104\npappdetector.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2016-1-26 272304]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2016-2-16 360736]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2016-3-7 246560]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2015-12-4 42416]
R0 avguniva;AVG Universal Driver;C:\windows\System32\drivers\avguniva.sys [2016-3-8 71456]
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-9-20 630632]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-9-20 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 PinFile;PinFile;C:\windows\System32\drivers\PinFile.sys [2013-8-22 49856]
R0 SDDisk2K;SDDisk2K;C:\windows\System32\drivers\SDDisk2K.sys [2013-8-22 228544]
R0 SDDToki;SDDToki;C:\windows\System32\drivers\SDDToki.sys [2013-8-22 131264]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2016-2-16 162592]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2016-3-8 306976]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2015-10-21 284080]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2015-10-8 302000]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\drivers\CLVirtualDrive.sys [2014-3-24 90608]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\Av\avgidsagent.exe [2016-4-6 3993088]
R2 avgsvc;AVG Service;C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [2016-3-23 1074448]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [2016-4-6 593880]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-1-23 2828016]
R2 CreoService;HP Trust Circles Service;C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [2013-10-2 1390552]
R2 CtAgentService;Absolute Software Agent Service;C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [2013-8-14 7168]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2014-3-24 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2014-3-24 298760]
R2 DiagTrack;Diagnostics Tracking Service;C:\windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 HpDamServiceHost;HP Device Access Manager Usage Service;C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [2013-11-15 18232]
R2 HPFSService;HP File Sanitizer;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2013-9-17 1758936]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2014-3-24 1143432]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2014-12-9 1248256]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-3-24 246488]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-1-22 5261584]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-3-3 1215560]
R3 IceKore;IceKore;C:\windows\System32\drivers\IceKore.sys [2013-9-30 401368]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-3-24 881880]
R3 RtlWlanu;AC1200 Dual Band USB Adapter;C:\windows\System32\drivers\RTWlanU.sys [2016-4-4 2341448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-8-29 92160]
S2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2014-3-24 131544]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-3-24 169432]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AvgAMPS;AvgAMPS;C:\Program Files (x86)\AVG\Av\avgamps.exe [2016-4-6 638456]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2013-10-7 65752]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLCDLOCK;HP Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2013-11-20 567608]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [2015-3-12 610888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2016-2-23 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2015-1-22 1255736]
S4 RunSwUSB;RunSwUSB;C:\Windows\runSW.exe [2016-4-4 36864]
S4 vToolbarUpdater40.2.6;vToolbarUpdater40.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [2016-2-22 1949768]
S4 WlanWpsSvc;WlanWpsSvc;C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe [2016-4-4 167936]
.
=============== Created Last 30 ================
.
2016-04-15 18:10:44 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.1408.dll
2016-04-15 17:53:36 -------- d-----w- C:\ProgramData\Avg_Update_0216piz
2016-04-15 17:42:41 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.816.dll
2016-04-15 17:29:34 -------- d-----w- C:\Users\Jen\AppData\Local\ElevatedDiagnostics
2016-04-15 17:24:25 6871040 ----a-w- C:\Program Files (x86)\GUTCCE2.tmp
2016-04-15 17:24:25 -------- d-----w- C:\Program Files (x86)\GUMCCE1.tmp
2016-04-15 17:10:59 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.1004.dll
2016-04-15 15:22:44 6871040 ----a-w- C:\Program Files (x86)\GUT3275.tmp
2016-04-15 15:22:44 -------- d-----w- C:\Program Files (x86)\GUM3274.tmp
2016-04-06 11:45:01 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.972.dll
2016-04-06 11:44:44 -------- d-----w- C:\AVG_Remover
2016-04-05 23:47:26 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.948.dll
2016-04-04 12:47:35 36864 ----a-w- C:\windows\runSW.exe
2016-04-04 12:47:34 430080 ----a-w- C:\windows\SwUSB.exe
2016-04-04 12:47:34 2341448 ----a-w- C:\windows\System32\drivers\RTWlanU.sys
2016-04-04 12:47:34 -------- d-----w- C:\Program Files\TRENDnet
2016-04-04 11:59:42 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\offreg.992.dll
2016-03-19 12:33:53 -------- d-----w- C:\Users\Jen\AppData\Local\Deployment
2016-03-19 12:33:53 -------- d-----w- C:\Users\Jen\AppData\Local\Apps
2016-03-18 17:12:24 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05280EBA-D7C7-40DA-8E55-D71B773CDEC2}\gapaengine.dll
2016-03-18 17:12:09 11249080 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F9056-E383-4856-BC63-4B82C698720E}\mpengine.dll
.
==================== Find3M ====================
.
2016-04-15 18:08:51 192216 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2016-03-10 18:09:06 64896 ----a-w- C:\windows\System32\drivers\mwac.sys
2016-03-10 18:08:58 140672 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2016-03-10 18:08:54 27008 ----a-w- C:\windows\System32\drivers\mbam.sys
2016-03-08 21:12:26 71456 ----a-w- C:\windows\System32\drivers\avguniva.sys
2016-03-08 21:12:06 306976 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2016-03-07 18:39:02 246560 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2016-02-19 19:02:43 38336 ----a-w- C:\windows\System32\CompatTelRunner.exe
2016-02-19 18:54:11 1168896 ----a-w- C:\windows\System32\aeinv.dll
2016-02-19 14:07:35 1373184 ----a-w- C:\windows\System32\appraiser.dll
2016-02-16 20:07:34 162592 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2016-02-16 20:05:56 360736 ----a-w- C:\windows\System32\drivers\avgloga.sys
2016-02-11 14:07:46 689152 ----a-w- C:\windows\System32\generaltel.dll
2016-02-06 10:32:57 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2016-02-06 10:10:21 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2016-02-06 09:54:50 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2016-02-06 09:37:23 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2016-02-05 14:07:51 696832 ----a-w- C:\windows\System32\invagent.dll
2016-02-05 14:07:51 499200 ----a-w- C:\windows\System32\devinv.dll
2016-02-05 14:07:50 76800 ----a-w- C:\windows\System32\acmigration.dll
2016-01-26 16:04:26 272304 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2016-01-22 06:56:05 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2016-01-22 06:41:35 66560 ----a-w- C:\windows\System32\iesetup.dll
2016-01-22 06:40:50 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2016-01-22 06:40:43 417792 ----a-w- C:\windows\System32\html.iec
2016-01-22 06:40:13 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2016-01-22 06:40:12 571904 ----a-w- C:\windows\System32\vbscript.dll
2016-01-22 06:29:43 6052352 ----a-w- C:\windows\System32\jscript9.dll
2016-01-22 06:27:40 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2016-01-22 06:27:24 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2016-01-22 06:27:10 5573056 ----a-w- C:\windows\System32\ntoskrnl.exe
2016-01-22 06:27:08 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2016-01-22 06:27:08 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2016-01-22 06:24:12 1733592 ----a-w- C:\windows\System32\ntdll.dll
2016-01-22 06:20:53 362496 ----a-w- C:\windows\System32\wow64win.dll
2016-01-22 06:20:53 243712 ----a-w- C:\windows\System32\wow64.dll
2016-01-22 06:20:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2016-01-22 06:20:36 215040 ----a-w- C:\windows\System32\winsrv.dll
2016-01-22 06:20:33 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2016-01-22 06:20:31 210432 ----a-w- C:\windows\System32\wdigest.dll
2016-01-22 06:20:20 86528 ----a-w- C:\windows\System32\TSpkg.dll
2016-01-22 06:20:10 28672 ----a-w- C:\windows\System32\sspisrv.dll
2016-01-22 06:20:10 135680 ----a-w- C:\windows\System32\sspicli.dll
2016-01-22 06:20:08 503808 ----a-w- C:\windows\System32\srcore.dll
2016-01-22 06:20:08 50176 ----a-w- C:\windows\System32\srclient.dll
2016-01-22 06:19:06 28160 ----a-w- C:\windows\System32\secur32.dll
2016-01-22 06:19:04 344064 ----a-w- C:\windows\System32\schannel.dll
2016-01-22 06:19:02 1214464 ----a-w- C:\windows\System32\rpcrt4.dll
2016-01-22 06:18:49 961024 ----a-w- C:\windows\System32\CPFilters.dll
2016-01-22 06:18:49 723968 ----a-w- C:\windows\System32\EncDec.dll
2016-01-22 06:18:32 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2016-01-22 06:17:03 312320 ----a-w- C:\windows\System32\ncrypt.dll
2016-01-22 06:17:01 159744 ----a-w- C:\windows\System32\mtxoci.dll
2016-01-22 06:17:00 315392 ----a-w- C:\windows\System32\msv1_0.dll
2016-01-22 06:16:55 60416 ----a-w- C:\windows\System32\msobjs.dll
2016-01-22 06:16:39 146432 ----a-w- C:\windows\System32\msaudite.dll
2016-01-22 06:16:00 1461248 ----a-w- C:\windows\System32\lsasrv.dll
2016-01-22 06:15:31 730112 ----a-w- C:\windows\System32\kerberos.dll
2016-01-22 06:15:31 422400 ----a-w- C:\windows\System32\KernelBase.dll
2016-01-22 06:15:01 1866752 ----a-w- C:\windows\System32\ExplorerFrame.dll
2016-01-22 06:13:15 3993536 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2016-01-22 06:13:15 3938752 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2016-01-22 06:13:06 43520 ----a-w- C:\windows\System32\csrsrv.dll
2016-01-22 06:13:04 43520 ----a-w- C:\windows\System32\cryptbase.dll
2016-01-22 06:13:03 22016 ----a-w- C:\windows\System32\credssp.dll
2016-01-22 06:09:40 1314328 ----a-w- C:\windows\SysWow64\ntdll.dll
2016-01-22 06:09:06 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2016-01-22 06:06:50 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2016-01-22 06:06:50 665088 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2016-01-22 06:06:50 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2016-01-22 06:06:50 275456 ----a-w- C:\windows\SysWow64\KernelBase.dll
2016-01-22 06:06:30 171520 ----a-w- C:\windows\SysWow64\wdigest.dll
2016-01-22 06:06:19 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2016-01-22 06:06:11 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2016-01-22 06:05:27 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2016-01-22 06:05:20 251392 ----a-w- C:\windows\SysWow64\schannel.dll
2016-01-22 06:04:36 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2016-01-22 06:04:36 535040 ----a-w- C:\windows\SysWow64\EncDec.dll
2016-01-22 06:02:58 223232 ----a-w- C:\windows\SysWow64\ncrypt.dll
2016-01-22 06:02:56 114176 ----a-w- C:\windows\SysWow64\mtxoci.dll
2016-01-22 06:02:55 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2016-01-22 06:02:52 176128 ----a-w- C:\windows\SysWow64\msorcl32.dll
2016-01-22 06:02:49 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2016-01-22 06:02:26 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2016-01-22 06:02:01 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2016-01-22 06:02:01 496640 ----a-w- C:\windows\SysWow64\vbscript.dll
2016-01-22 06:02:00 553472 ----a-w- C:\windows\SysWow64\kerberos.dll
2016-01-22 06:01:26 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2016-01-22 06:01:17 341504 ----a-w- C:\windows\SysWow64\html.iec
2016-01-22 06:00:45 1498624 ----a-w- C:\windows\SysWow64\ExplorerFrame.dll
2016-01-22 06:00:26 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2016-01-22 05:51:37 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2016-01-22 05:46:10 2123264 ----a-w- C:\windows\System32\inetcpl.cpl
2016-01-22 05:46:00 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2016-01-22 05:39:38 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-01-22 05:35:15 4611072 ----a-w- C:\windows\SysWow64\jscript9.dll
2016-01-22 05:31:43 2597376 ----a-w- C:\windows\System32\wininet.dll
2016-01-22 05:24:59 2050560 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2016-01-22 05:24:40 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2016-01-22 05:19:39 3231232 ----a-w- C:\windows\explorer.exe
.
============= FINISH: 16:24:23.02 ===============
 

Security Team, Moderator, Analyst, Rangemaster
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I had some adware and viruses that I had removed prior to reading about this group. I do not have the names of the removed viruses or adware
What removal tool(s) did you run?

Did you know you have no system restore points saved on this machine, or did you know your system restore is disabled?

Also, are you using TeamViewer to get help from others with your current problems?

-----------------------------------------------------

It appears that you have two antivirus programs installed and running, AVG and Security Essentials.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

I suggest uninstalling AVG. If you do, after uninstalling AVG via Programs and Features, run this tool:

Please download AVG Remover and Save it to your Desktop.
  • Close all programs and double-click avg_remover_stf_x64_2012_1796.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Reboot your computer if not prompted already.
  • Then delete avg_remover_stf_x64_2012_1796.exe from your desktop.
------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
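The helper's point about two antivirus products can be read straight off the Security Center block at the top of a DDS log (the AV:/SP: lines in the first post). The following Python script is added here as an illustration and is not part of DDS, AdwCleaner or any other tool in this thread: it parses those lines and reports more than one enabled AV engine, plus any enabled product whose definitions are outdated. The sample input is the five lines from the log above; the parser accepts the general AV:/SP:/FW: line layout that DDS prints (that FW: lines share the same layout is an assumption).

```python
"""Parse the Security Center block at the top of a DDS log and flag the
condition the helper points out: more than one antivirus engine enabled at
once, plus any enabled product whose definitions are outdated.
Added example for this thread; not part of DDS or any tool mentioned here."""
import re
from dataclasses import dataclass

# One "AV:"/"SP:"/"FW:" line as DDS prints it: kind, product, state pair, GUID.
# (FW: is assumed to use the same layout as the AV:/SP: lines shown in the log.)
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<product>.+?) "
    r"\*(?P<state>Enabled|Disabled)/(?P<defs>Updated|Outdated)\* "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)


@dataclass(frozen=True)
class SecurityProduct:
    kind: str        # AV = antivirus, SP = antispyware, FW = firewall
    product: str
    enabled: bool
    outdated: bool
    guid: str


def parse_security_center(text):
    """Return the SecurityProduct entries found in a DDS header."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products.append(SecurityProduct(
                kind=m["kind"],
                product=m["product"],
                enabled=m["state"] == "Enabled",
                outdated=m["defs"] == "Outdated",
                guid=m["guid"],
            ))
    return products


def enabled_antivirus(products):
    """Names of AV engines reported as Enabled; more than one entry is the
    'two antivirus programs running' conflict the helper describes."""
    return [p.product for p in products if p.kind == "AV" and p.enabled]


def outdated_enabled(products):
    """(kind, product) pairs that are enabled but have stale definitions."""
    return [(p.kind, p.product) for p in products if p.enabled and p.outdated]


def assess(text):
    """Human-readable findings for one DDS header."""
    products = parse_security_center(text)
    findings = []
    avs = enabled_antivirus(products)
    if len(avs) > 1:
        findings.append("multiple enabled AV engines: " + ", ".join(avs))
    for kind, name in outdated_enabled(products):
        findings.append(f"{kind} '{name}' is enabled but its definitions are outdated")
    return findings


# Sample input: the five Security Center lines from the DDS log in this thread.
SAMPLE_DDS_HEADER = """\
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
"""

if __name__ == "__main__":
    for finding in assess(SAMPLE_DDS_HEADER):
        print(finding)
```

Run against the header above it reports two enabled AV engines (Security Essentials and AVG) and that Security Essentials has outdated definitions for both its AV and SP registrations; a header with a single enabled, updated engine produces no findings.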
 

Discussion Starter #3
Thank you for your reply... I will follow your instructions and get back to you.

I did not know the restore points were turned off and I did not realize that there were two antivirus programs running. I will uninstall AVG and run the two other programs you suggested.
 

Discussion Starter #4
Here are the results

Adware:

# AdwCleaner v5.111 - Logfile created 17/04/2016 at 09:57:03
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Jen - JEN-HP
# Running from : C:\Users\Jen\Downloads\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.2.6

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_0316tb
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0215tb
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0316tb
[-] Folder Deleted : C:\Users\Jen\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\Jen\AppData\LocalLow\avg web tuneup
[-] Folder Deleted : C:\Users\Jen\Application Data\download Manager

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Chrome Cleanup Tool logs upload retry

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt

***** [ Web browsers ] *****

[-] [C:\Users\Jen\Application Data\Mozilla\Firefox\Profiles\dkf33d6x.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Users\Jen\Application Data\Mozilla\Firefox\Profiles\dkf33d6x.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxps://mysearch.avg.com?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&[...]

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5393 bytes] - [17/04/2016 09:57:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [5562 bytes] - [17/04/2016 09:53:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5539 bytes] ##########


FRST64:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by Jen (administrator) on JEN-HP (17-04-2016 09:54:56)
Running from C:\Users\Jen\Downloads
Loaded Profiles: Jen (Available Profiles: Jen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
() C:\Users\Jen\Downloads\AdwCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CF7D46E1-3CF2-49E2-9C56-8096C197A162}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-4205856661-1225364214-319147729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
HKU\S-1-5-21-4205856661-1225364214-319147729-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKU\S-1-5-21-4205856661-1225364214-319147729-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-17] (Hewlett-Packard)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-22] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-10] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Jen\Application Data\Mozilla\Firefox\Profiles\dkf33d6x.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://mysearch.avg.com?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=hp
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-11-21] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-4205856661-1225364214-319147729-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-12] (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-03-24] [not signed]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Sheets) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (HP Client Security Manager) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR Profile: C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (US Weather Radar) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2015-03-29]
CHR Extension: (Entanglement Web App) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-03-29]
CHR Extension: (OneNote Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2016-02-05]
CHR Extension: (Photoshop 4U) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf [2015-10-14]
CHR Extension: (YOU.DJ app) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2016-03-10]
CHR Extension: (Invoice2go) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmjkikjpbpaehaclfdkmjdofdgodaakp [2016-01-15]
CHR Extension: (Google Calendar) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Pandora) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-03-29]
CHR Extension: (Zoho Show) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiicmodaknllfjlmeempmdcnoljgbpmi [2015-03-29]
CHR Extension: (Word Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-02-05]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-02-01]
CHR Extension: (Full Screen Weather) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-22]
CHR Extension: (The QR Code Generator) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-01-15]
CHR Extension: (Ultimate Fonts) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbjdlaifgnadeanlpdipkcdfjoonkehh [2015-03-29]
CHR Extension: (Old Maps Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ildefchbaikbajjccfmamfppgciacekl [2015-03-29]
CHR Extension: (Excel Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2016-02-05]
CHR Extension: (Barcode Generator) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilkhkkdihamgncpphbkidijapnccgbmp [2016-01-15]
CHR Extension: (theHunter) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jangaedeekciafhlanphhnalogmhefmo [2015-03-29]
CHR Extension: (Google Forms) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-09-10]
CHR Extension: (Yesware Reports) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-03-29]
CHR Extension: (Build with Chrome) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-03-29]
CHR Extension: (Evernote Web) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-02-02]
CHR Extension: (Floor plans and interior design) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcafejemebbngbglfoinpoaannbihjna [2015-03-29]
CHR Extension: (Rain Alarm) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\meaikaglpfemjncbioflellmppndgmok [2016-02-02]
CHR Extension: (Google Play Books) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-02-03]
CHR Extension: (WGT Golf Game) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2015-03-29]
CHR Extension: (Google I/O: input/output) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbmphclbekipaojhpbkbofoioffecilh [2015-03-29]
CHR Extension: (HP Client Security Manager) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-03-27]
CHR Extension: (OneDrive) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-02-05]
CHR Extension: (SendHub - Business Phone System) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlijkadphehijfiiigjeklnlnknmmped [2015-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Floor Plan Creator) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2015-03-29]
CHR Extension: (Viewster - Watch Free Movies Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2015-03-29]
CHR Extension: (Outlook.com) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2016-01-25]
CHR Extension: (Psykopaint) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
S2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
S2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-03-12] (Citrix Systems, Inc.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
S2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
S2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-09] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-09] (Intuit Inc.) [File not signed]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S4 RunSwUSB; C:\Windows\runSW.exe [36864 2012-12-14] () [File not signed]
S4 vToolbarUpdater40.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-22] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-24] (Microsoft Corporation)
S4 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-02-22] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
S0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
S1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-20] (Intel Corporation)
S3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [401368 2013-09-30] (CryptoMill Technologies Inc.)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-08-22] (WinMagic Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2341448 2013-02-09] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-08-22] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-08-22] (WinMagic Inc.)
S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 09:54 - 2016-04-17 09:54 - 00023188 _____ C:\Users\Jen\Downloads\FRST.txt
2016-04-17 09:54 - 2016-04-17 09:54 - 00001389 _____ C:\Users\Jen\Desktop\FRST64 - Shortcut.lnk
2016-04-17 09:54 - 2016-04-17 09:54 - 00000000 ____D C:\FRST
2016-04-17 09:53 - 2016-04-17 09:53 - 02375168 _____ (Farbar) C:\Users\Jen\Downloads\FRST64.exe
2016-04-17 09:53 - 2016-04-17 09:53 - 00000000 ____D C:\AdwCleaner
2016-04-17 09:52 - 2016-04-17 09:52 - 00001427 _____ C:\Users\Jen\Desktop\AdwCleaner - Shortcut.lnk
2016-04-17 09:51 - 2016-04-17 09:52 - 03677760 _____ C:\Users\Jen\Downloads\AdwCleaner.exe
2016-04-17 09:47 - 2016-04-17 09:47 - 00018223 _____ C:\Users\Jen\Downloads\avgremover_msilog.txt
2016-04-17 09:43 - 2016-04-17 09:43 - 02540688 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jen\Downloads\avg_remover_stf_x64_2012_1796.exe
2016-04-16 14:44 - 2016-04-16 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-15 16:24 - 2016-04-15 16:24 - 00028193 _____ C:\Users\Jen\Desktop\dds.txt
2016-04-15 16:24 - 2016-04-15 16:24 - 00026168 _____ C:\Users\Jen\Desktop\attach.txt
2016-04-15 16:15 - 2016-04-15 16:17 - 00688992 ____R (Swearware) C:\Users\Jen\Downloads\dds.scr
2016-04-15 14:01 - 2016-04-15 15:56 - 00000225 _____ C:\windows\CryptoMill_CreoService.001
2016-04-15 14:01 - 2016-04-15 15:33 - 00000225 _____ C:\windows\CryptoMill_CreoService.002
2016-04-15 14:01 - 2016-04-15 14:05 - 00000225 _____ C:\windows\CryptoMill_CreoService.003
2016-04-15 14:01 - 2016-04-15 14:01 - 00000225 _____ C:\windows\CryptoMill_CreoService.004
2016-04-15 13:53 - 2016-04-15 13:53 - 00000340 _____ C:\windows\Tasks\0216pizUpdateInfo.job
2016-04-15 13:53 - 2016-04-15 13:53 - 00000000 ____D C:\ProgramData\Avg_Update_0216piz
2016-04-15 13:42 - 2016-04-17 09:48 - 00406274 _____ C:\windows\ntbtlog.txt
2016-04-15 13:41 - 2016-04-15 13:42 - 02895464 _____ (AVG Technologies) C:\Users\Jen\Downloads\AVG_Protection_Free_1115.exe
2016-04-15 13:40 - 2016-04-15 13:40 - 00002368 _____ C:\Users\Jen\Documents\cc_20160415_134018.reg
2016-04-15 13:39 - 2016-04-15 13:39 - 06868672 _____ (Piriform Ltd) C:\Users\Jen\Downloads\ccsetup516.exe
2016-04-15 13:37 - 2016-04-15 13:37 - 00000294 _____ C:\windows\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-04-15 13:36 - 2016-04-15 13:36 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-15 13:36 - 2016-04-15 13:36 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-15 13:35 - 2016-04-15 13:35 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d1973d31a19036.job
2016-04-15 13:29 - 2016-04-15 13:29 - 00000000 ____D C:\Users\Jen\AppData\Local\ElevatedDiagnostics
2016-04-15 13:24 - 2016-04-15 13:26 - 06871040 _____ C:\Program Files (x86)\GUTCCE2.tmp
2016-04-15 13:24 - 2016-04-15 13:24 - 00987728 _____ (Google Inc.) C:\Users\Jen\Downloads\ChromeSetup(2).exe
2016-04-15 13:24 - 2016-04-15 13:24 - 00000000 ____D C:\Program Files (x86)\GUMCCE1.tmp
2016-04-15 13:21 - 2016-04-15 13:37 - 04621272 _____ (Google) C:\Users\Jen\Downloads\chrome_cleanup_tool.exe
2016-04-15 13:13 - 2016-04-15 13:13 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-15 13:13 - 2016-04-15 13:13 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-15 13:11 - 2016-04-15 13:11 - 00243408 _____ C:\Users\Jen\Downloads\Firefox_Setup_38.0.exe
2016-04-15 13:11 - 2016-04-15 13:11 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wow_com
2016-04-15 11:52 - 2016-04-15 11:52 - 00005852 _____ C:\Users\Jen\Desktop\0 .txt
2016-04-15 11:22 - 2016-04-15 16:15 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-15 11:22 - 2016-04-15 11:52 - 06871040 _____ C:\Program Files (x86)\GUT3275.tmp
2016-04-15 11:22 - 2016-04-15 11:22 - 00000000 ____D C:\Program Files (x86)\GUM3274.tmp
2016-04-15 11:18 - 2016-04-15 11:18 - 00005852 _____ C:\Users\Jen\0
2016-04-11 19:49 - 2016-04-11 19:49 - 00002944 _____ C:\Users\Jen\Documents\gwx12.reg
2016-04-11 19:49 - 2016-04-11 19:49 - 00002020 _____ C:\Users\Jen\Documents\gwx11.reg
2016-04-11 19:45 - 2016-04-11 19:45 - 00002072 _____ C:\Users\Jen\Documents\gwx10.reg
2016-04-11 19:44 - 2016-04-11 19:44 - 00003216 _____ C:\Users\Jen\Documents\gwx8.reg
2016-04-11 19:44 - 2016-04-11 19:44 - 00002070 _____ C:\Users\Jen\Documents\gwx9.reg
2016-04-11 19:44 - 2016-04-11 19:44 - 00001892 _____ C:\Users\Jen\Documents\gwx7.reg
2016-04-11 19:43 - 2016-04-11 19:43 - 00004996 _____ C:\Users\Jen\Documents\gwx6.reg
2016-04-11 19:43 - 2016-04-11 19:43 - 00002684 _____ C:\Users\Jen\Documents\gwx4.reg
2016-04-11 19:43 - 2016-04-11 19:43 - 00001876 _____ C:\Users\Jen\Documents\gwx5.reg
2016-04-11 19:42 - 2016-04-11 19:42 - 00003140 _____ C:\Users\Jen\Documents\gwx2.reg
2016-04-11 19:42 - 2016-04-11 19:42 - 00002706 _____ C:\Users\Jen\Documents\gwx3.reg
2016-04-11 19:42 - 2016-04-11 19:42 - 00002588 _____ C:\Users\Jen\Documents\gwx1.reg
2016-04-06 07:44 - 2016-04-06 07:46 - 00000000 ____D C:\AVG_Remover
2016-04-04 08:47 - 2016-04-04 08:47 - 00001808 _____ C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
2016-04-04 08:47 - 2016-04-04 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
2016-04-04 08:47 - 2016-04-04 08:47 - 00000000 ____D C:\Program Files\TRENDnet
2016-04-04 08:47 - 2013-02-09 07:23 - 02341448 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\RTWlanU.sys
2016-04-04 08:47 - 2013-01-30 11:41 - 00430080 _____ (Realtek) C:\windows\SwUSB.exe
2016-04-04 08:47 - 2012-12-14 15:54 - 00036864 _____ () C:\windows\runSW.exe
2016-04-04 07:59 - 2016-04-04 07:59 - 00000000 ____D C:\Users\Jen\Desktop\Trendnet
2016-03-27 13:50 - 2016-03-27 14:31 - 00013131 _____ C:\Users\Jen\Desktop\Copy of Bahamas Order Sheet.xlsx
2016-03-21 21:14 - 2016-03-21 21:18 - 00000000 ____D C:\Users\Jen\Desktop\MISC Items
2016-03-21 12:53 - 2016-04-15 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-19 10:05 - 2016-03-19 10:10 - 46381984 _____ (Google Inc.) C:\Users\Jen\Downloads\ChromeStandaloneSetup.exe
2016-03-19 10:02 - 2016-03-19 10:03 - 00987728 _____ (Google Inc.) C:\Users\Jen\Downloads\ChromeSetup(1).exe
2016-03-19 10:02 - 2016-03-19 10:02 - 00987728 _____ (Google Inc.) C:\Users\Jen\Downloads\ChromeSetup.exe
2016-03-19 08:33 - 2016-04-15 11:57 - 00000000 ____D C:\Users\Jen\AppData\Local\Deployment
2016-03-19 08:33 - 2016-03-19 08:33 - 00000000 ____D C:\Users\Jen\AppData\Local\Apps\2.0
2016-03-18 16:03 - 2016-03-18 16:04 - 02870984 _____ (ESET) C:\Users\Jen\Downloads\esetsmartinstaller_enu (1).exe
2016-03-18 10:13 - 2016-03-18 10:14 - 02870984 _____ (ESET) C:\Users\Jen\Downloads\esetsmartinstaller_enu.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 09:53 - 2009-07-14 01:13 - 00006462 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-17 09:47 - 2014-12-09 17:09 - 00000000 ____D C:\ProgramData\MFAData
2016-04-17 09:45 - 2014-12-09 17:12 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-17 09:43 - 2016-03-14 10:16 - 00000000 ____D C:\Users\Jen\AppData\Local\AvgSetupLog
2016-04-17 09:43 - 2015-12-11 17:31 - 00000000 ____D C:\ProgramData\Avg
2016-04-16 14:44 - 2014-12-09 17:13 - 00000000 ___HD C:\$AVG
2016-04-16 07:53 - 2009-07-14 00:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-16 07:53 - 2009-07-14 00:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-15 16:30 - 2014-12-09 17:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-15 16:16 - 2014-03-24 04:58 - 00000000 ____D C:\ProgramData\PDFC
2016-04-15 16:13 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-15 15:54 - 2016-03-11 09:12 - 00000000 ____D C:\windows\pss
2016-04-15 14:08 - 2014-12-09 17:10 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-15 14:01 - 2014-12-09 17:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-15 13:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-04-15 13:45 - 2014-12-09 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-15 13:45 - 2014-12-09 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-15 13:39 - 2016-03-11 11:12 - 00000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-15 13:36 - 2014-12-09 17:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-15 13:13 - 2014-12-09 17:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-15 11:18 - 2014-12-09 15:31 - 00000000 ____D C:\Users\Jen
2016-04-15 11:17 - 2014-03-24 04:57 - 00000225 _____ C:\windows\CryptoMill_CreoService.005
2016-04-11 19:34 - 2015-08-04 03:40 - 00000000 ___SD C:\windows\system32\GWX.old
2016-04-05 22:01 - 2011-02-11 16:29 - 00777348 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-04-04 18:05 - 2016-01-08 03:04 - 00000000 ____D C:\Users\Jen\Desktop\backups
2016-04-04 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\windows\Registration
2016-04-04 08:10 - 2014-03-24 04:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-30 11:11 - 2015-01-24 16:26 - 00000000 ____D C:\Users\Jen\Desktop\Schedules
2016-03-27 22:35 - 2015-01-24 16:26 - 00000000 ____D C:\Users\Jen\Desktop\Food Orders
2016-03-27 13:30 - 2015-04-17 11:10 - 00000000 ____D C:\Users\Jen\Desktop\FOH Forms
2016-03-24 11:11 - 2015-09-09 13:43 - 00000000 ____D C:\Users\Jen\Desktop\MENUS
2016-03-22 08:54 - 2016-03-11 17:18 - 00000000 ____D C:\ProgramData\Avg_Update_0316tb
2016-03-21 21:16 - 2015-01-24 16:27 - 00000000 ____D C:\Users\Jen\Desktop\Orientation Info
2016-03-21 21:14 - 2016-01-05 11:50 - 00000000 ____D C:\Users\Jen\Desktop\JEN
2016-03-21 10:20 - 2015-09-09 13:43 - 00000000 ____D C:\Users\Jen\Desktop\COTTAGE LIST
2016-03-19 09:56 - 2016-03-11 10:45 - 00000000 ____D C:\windows\system32\appmgmt

==================== Files in the root of some directories =======

2016-04-15 11:22 - 2016-04-15 11:52 - 6871040 _____ () C:\Program Files (x86)\GUT3275.tmp
2016-04-15 13:24 - 2016-04-15 13:26 - 6871040 _____ () C:\Program Files (x86)\GUTCCE2.tmp
2015-01-22 18:16 - 2015-01-22 18:16 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Jen\AppData\Local\Temp\libeay32.dll
C:\Users\Jen\AppData\Local\Temp\msvcr120.dll
C:\Users\Jen\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 00:40

==================== End of FRST.txt ============================
 


Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
Hello tcdoriot. It appears you ran the tools in Safe Mode. Please run tools in Normal Mode.

It also appears you ran FRST first, then AdwCleaner.

I wanted AdwCleaner to be run first, then FRST. Please follow the instructions in order. Thanks.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

http://pcsupport.about.com/od/windows7/ht/system-repair-disc-windows-7.htm

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: C:\windows\Tasks\0216pizUpdateInfo.job => C:\ProgramData\Avg_Update_0216piz\0216piz_AVG-Secure-Search-Update.exe
    Task: C:\windows\Tasks\0316tbUpdateInfo.job => C:\ProgramData\Avg_Update_0316tb\0316tb_{26D81DFB-491B-4A61-B298-A5BA30C8E275}.exe
    Task: C:\windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Jen\Downloads\chrome_cleanup_tool.exe
    C:\ProgramData\Avg_Update_0216piz
    C:\ProgramData\Avg_Update_0316tb
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-4205856661-1225364214-319147729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
    SearchScopes: HKU\S-1-5-21-4205856661-1225364214-319147729-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-22] (AVG)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-10] (AVG Secure Search)
    FF SelectedSearchEngine: AVG Secure Search
    FF Homepage: hxxps://mysearch.avg.com?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=hp
    FF NetworkProxy: "type", 0
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-02-22]
    S4 vToolbarUpdater40.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-22] (AVG Secure Search)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
    S0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
    S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
    2016-04-17 09:47 - 2016-04-17 09:47 - 00018223 _____ C:\Users\Jen\Downloads\avgremover_msilog.txt
    2016-04-17 09:43 - 2016-04-17 09:43 - 02540688 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jen\Downloads\avg_remover_stf_x64_2012_1796.exe
    2016-04-16 14:44 - 2016-04-16 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-04-15 13:11 - 2016-04-15 13:11 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wow_com
    2016-04-17 09:47 - 2014-12-09 17:09 - 00000000 ____D C:\ProgramData\MFAData
    2016-04-17 09:45 - 2014-12-09 17:12 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-04-17 09:43 - 2016-03-14 10:16 - 00000000 ____D C:\Users\Jen\AppData\Local\AvgSetupLog
    2016-04-17 09:43 - 2015-12-11 17:31 - 00000000 ____D C:\ProgramData\Avg
    2016-04-16 14:44 - 2014-12-09 17:13 - 00000000 ___HD C:\$AVG
    Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
 

Registered (24 Posts), Discussion Starter #6
Here is the fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by Jen (2016-04-18 09:07:56) Run:1
Running from C:\Users\Jen\Desktop
Loaded Profiles: Jen (Available Profiles: Jen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: C:\windows\Tasks\0216pizUpdateInfo.job => C:\ProgramData\Avg_Update_0216piz\0216piz_AVG-Secure-Search-Update.exe
Task: C:\windows\Tasks\0316tbUpdateInfo.job => C:\ProgramData\Avg_Update_0316tb\0316tb_{26D81DFB-491B-4A61-B298-A5BA30C8E275}.exe
Task: C:\windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Jen\Downloads\chrome_cleanup_tool.exe
C:\ProgramData\Avg_Update_0216piz
C:\ProgramData\Avg_Update_0316tb
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-4205856661-1225364214-319147729-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
SearchScopes: HKU\S-1-5-21-4205856661-1225364214-319147729-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-22] (AVG)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-10] (AVG Secure Search)
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://mysearch.avg.com?cid={9EBA40E5-75F5-4878-B5CD-F301D903A58A}&mid=fd0e499eb1fa47cd90d54dff120e5552-534cb2addcf3ceba314a5cc44bc7dd9f980b0665&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-12-10 09:26:17&v=4.0.5.7&pid=wtu&sg=&sap=hp
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-02-22]
S4 vToolbarUpdater40.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-22] (AVG Secure Search)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
S0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
2016-04-17 09:47 - 2016-04-17 09:47 - 00018223 _____ C:\Users\Jen\Downloads\avgremover_msilog.txt
2016-04-17 09:43 - 2016-04-17 09:43 - 02540688 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jen\Downloads\avg_remover_stf_x64_2012_1796.exe
2016-04-16 14:44 - 2016-04-16 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-15 13:11 - 2016-04-15 13:11 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wow_com
2016-04-17 09:47 - 2014-12-09 17:09 - 00000000 ____D C:\ProgramData\MFAData
2016-04-17 09:45 - 2014-12-09 17:12 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-17 09:43 - 2016-03-14 10:16 - 00000000 ____D C:\Users\Jen\AppData\Local\AvgSetupLog
2016-04-17 09:43 - 2015-12-11 17:31 - 00000000 ____D C:\ProgramData\Avg
2016-04-16 14:44 - 2014-12-09 17:13 - 00000000 ___HD C:\$AVG
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
C:\windows\Tasks\0216pizUpdateInfo.job => moved successfully
C:\windows\Tasks\0316tbUpdateInfo.job => moved successfully
C:\windows\Tasks\Chrome Cleanup Tool logs upload retry.job => not found.
C:\ProgramData\Avg_Update_0216piz => moved successfully
"C:\ProgramData\Avg_Update_0316tb" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value removed successfully
HKU\S-1-5-21-4205856661-1225364214-319147729-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4205856661-1225364214-319147729-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => key not found.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found.
FF SelectedSearchEngine: AVG Secure Search => not found
Firefox "homepage" removed successfully
Firefox Proxy settings were reset.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
vToolbarUpdater40.2.6 => service not found.
Avgloga => service removed successfully
avguniva => Unable to stop service.
avguniva => service removed successfully
AVGIDSHA => service removed successfully
C:\Users\Jen\Downloads\avgremover_msilog.txt => moved successfully
C:\Users\Jen\Downloads\avg_remover_stf_x64_2012_1796.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG => moved successfully
C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wow_com => moved successfully
C:\ProgramData\MFAData => moved successfully

"C:\Program Files (x86)\AVG" folder move:

Could not move "C:\Program Files (x86)\AVG" => Scheduled to move on reboot.

C:\Users\Jen\AppData\Local\AvgSetupLog => moved successfully
C:\ProgramData\Avg => moved successfully
C:\$AVG => moved successfully

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

EmptyTemp: => 418.9 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-18 10:37:12)

C:\Program Files (x86)\AVG => Is moved successfully

==== End of Fixlog 10:37:12 ====
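FRST works through a fixlist one line at a time, and the Fixlog above is the record of what each line did. As an added example (not code from the thread, from the helper, or from the Farbar tools), here is a PowerShell script that summarises a Fixlog.txt so the entries that matter for follow-up are not lost among the routine "moved successfully" lines: errors, a service that had to be removed while still running, and moves deferred to reboot, which are only complete once the "Result of scheduled files to move" section confirms them. The failed restore point at the top of this log is worth noticing for the same reason: there is no rollback point if the fix has side effects. The sample lines are a constructed excerpt of the Fixlog posted above; the function name and the classification rules are the example's own.

```powershell
# Added example, not part of the thread or of FRST: summarise a Fixlog.txt so the
# lines that need attention (errors, warnings, items deferred to reboot) stand out.
# $SampleFixlog is a constructed excerpt of the Fixlog posted above. To run the
# script on a real log, replace it with:
#   Get-Content "$env:USERPROFILE\Desktop\Fixlog.txt"

$SampleFixlog = @'
Error: (0) Failed to create a restore point.
C:\windows\Tasks\0216pizUpdateInfo.job => moved successfully
C:\windows\Tasks\Chrome Cleanup Tool logs upload retry.job => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
Firefox "homepage" removed successfully
avguniva => Unable to stop service.
avguniva => service removed successfully
Could not move "C:\Program Files (x86)\AVG" => Scheduled to move on reboot.
ERROR: The system was unable to find the specified registry key or value.
EmptyTemp: => 418.9 MB temporary data Removed.
C:\Program Files (x86)\AVG => Is moved successfully
'@ -split "`r?`n"

function Get-FixlogSummary {
    param([string[]]$Lines)

    $summary = New-Object PSObject -Property @{
        Succeeded    = 0     # moved / removed / restored / reset
        NotFound     = 0     # already gone before the fix ran
        Warnings     = @()   # e.g. a service removed while it was still running
        Deferred     = @()   # moves FRST could only complete at reboot
        Failures     = @()   # FRST reported an error
        StillPending = @()   # deferred moves with no later confirmation line
    }

    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '') { continue }

        # reg.exe reports a missing key as an ERROR while FRST writes "not found";
        # both mean the item was already absent, so classify them before the
        # generic error check.
        if ($text -match 'not found\.?$' -or $text -match 'unable to find the specified registry key') {
            $summary.NotFound++
        }
        elseif ($text -match '^(Error|ERROR)\b') {
            $summary.Failures += $text
        }
        elseif ($text -match 'Scheduled to move on reboot') {
            $summary.Deferred += $text
        }
        elseif ($text -match 'Unable to stop') {
            $summary.Warnings += $text
        }
        elseif ($text -match 'successfully|Removed\.$|were reset\.$') {
            $summary.Succeeded++
        }
    }

    # A deferred move is only done when the post-reboot section reports
    # "<path> => Is moved successfully"; flag any that never got that line.
    foreach ($d in $summary.Deferred) {
        if ($d -match 'Could not move "(.+?)"') {
            $path = $matches[1]
            $done = $Lines | Where-Object { $_ -match ('^' + [regex]::Escape($path) + ' => Is moved successfully') }
            if (-not $done) { $summary.StillPending += $path }
        }
    }
    return $summary
}

$s = Get-FixlogSummary -Lines $SampleFixlog
"Succeeded: $($s.Succeeded)   Already absent: $($s.NotFound)   Deferred to reboot: $($s.Deferred.Count)"
$s.Warnings     | ForEach-Object { "WARNING : $_" }
$s.Failures     | ForEach-Object { "FAILURE : $_" }
$s.StillPending | ForEach-Object { "PENDING : $_ was never confirmed moved; reboot and re-run the scan" }
```

On the excerpt this reports six successes, three items already absent, one deferred move (later confirmed, so nothing pending), the avguniva stop warning, and the restore point failure. The script stays within PowerShell 2.0 syntax so it runs on a Windows 7 machine like the one in this thread.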
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
Hello again, tcdoriot. How is the machine behaving? Any improvement?

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
 

Registered (24 Posts), Discussion Starter #8
Hello Chemist

Thank you for all your help. The computer is still not shutting down or restarting. I am running the combofix now and I will post after it is done.
 

Registered (24 Posts), Discussion Starter #9
I tried to run the ComboFix overnight and it stalled at "attempting to create a new System Restore Point". I went to bed at midnight and when I got up at 7 am it was still there. When I brought up the task manager it was showing as running. Windows Defender is stopped and there are no anti-spyware programs running.
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
Hello again, tcdoriot. You're very welcome. We need to dig deeper.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
------------------------------------------------------

Go Start > Run and copy/paste the following into the Run box and click OK:

cmd /c net start >log.txt&log.txt&del log.txt

A DOS window will open and close. This is normal.

A Notepad file should open. Please post the contents of the log here.

------------------------------------------------------
 

Registered (24 Posts), Discussion Starter #11
Here they are:


Farbar Service Scanner Version: 27-01-2016
Ran by Jen (administrator) on 19-04-2016 at 14:15:00
Running from "C:\Users\Jen\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****




These Windows services are started:

Absolute Software Agent Service
AMD External Events Utility
Andrea RT Filters Service
Application Experience
Application Information
Background Intelligent Transfer Service
Base Filtering Engine
Bonjour Service
Certificate Propagation
CNG Key Isolation
COM+ Event System
Computer Browser
Cryptographic Services
CyberLink PowerDVD 12 Media Server Monitor Service
CyberLink PowerDVD 12 Media Server Service
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostics Tracking Service
DigitalPersona Authentication Service
Distributed Link Tracking Client
DNS Client
Extensible Authentication Protocol
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Provider
HP Device Access Manager Usage Service
HP File Sanitizer
HP Trust Circles Service
Human Interface Device Access
IKE and AuthIP IPsec Keying Modules
Intel(R) Capability Licensing Service Interface
Intel(R) Dynamic Application Loader Host Interface Service
Intel(R) Management and Security Application Local Management Service
Intel(R) ME Service
IP Helper
IPsec Policy Agent
Microsoft Antimalware Service
Microsoft Office ClickToRun Service
Microsoft Software Shadow Copy Provider
Multimedia Class Scheduler
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Offline Files
PDF Document Manager
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
QBCFMonitorService
QBIDPService
Realtek Audio Service
Remote Desktop Configuration
Remote Desktop Services
Remote Desktop Services UserMode Port Redirector
Remote Procedure Call (RPC)
RPC Endpoint Mapper
SAS Core Service
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Smart Card
Software Protection
SPP Notification Service
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
TeamViewer 9
Themes
User Profile Service
Volume Shadow Copy
Windows Audio
Windows Audio Endpoint Builder
Windows Backup
Windows Connect Now - Config Registrar
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation

The command completed successfully.
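The FSS log above reads the same registry and service data Windows uses at boot: EnableFirewall=0 under the firewall policy key switches the firewall off for that profile, DisableAntiSpyware=1 under the Windows Defender key keeps Defender from running, and the WinDefend service set to Disabled does the same at the service level. Any of these can be set by a legitimate installer (a third-party antivirus often disables Defender) or by something unwanted, so the useful question for the helper is whether the state matches what is supposed to be installed. As an added example (not from the thread, from FSS, or from FRST), the following PowerShell script checks those same items on the live system, plus the signatures of the core binaries FRST lists under "Bamital & volsnap", so the state can be re-verified after a fix without re-running the tools. It assumes an elevated prompt on the affected Windows 7 machine; the expected start types for services other than WinDefend are assumed Windows 7 defaults, not values taken from the log.

```powershell
# Added example, not part of the thread, FSS or FRST: re-check from the live system
# the items FSS reported (firewall policy, Defender policy, service start types,
# signatures on core binaries) so a fix can be confirmed.
# Assumes an elevated PowerShell prompt on the affected Windows 7 machine. The
# registry paths are the ones printed in the FSS log above; the expected start
# types for services other than WinDefend are assumed Windows 7 defaults.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -ne $null) { return $item.$Name }
    return $null
}

function Test-SecurityPosture {
    $findings = @()

    # 1. Firewall policy: FSS flagged EnableFirewall=0 under StandardProfile.
    $fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $v = Get-RegValue "$fwBase\$fwProfile" 'EnableFirewall'
        if ($v -eq 0) { $findings += "Firewall off for ${fwProfile}: EnableFirewall=0" }
    }

    # 2. Defender policy: DisableAntiSpyware=1 stops WinDefend from running.
    $das = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware'
    if ($das -eq 1) { $findings += 'Windows Defender disabled by policy: DisableAntiSpyware=1' }

    # 3. Service start types. FSS reported WinDefend as Disabled (default Auto).
    #    The other entries are assumed Windows 7 defaults.
    $expected = @{
        WinDefend = 'Auto'     # Windows Defender
        MpsSvc    = 'Auto'     # Windows Firewall
        wscsvc    = 'Auto'     # Security Center
        wuauserv  = 'Auto'     # Windows Update
        VSS       = 'Manual'   # Volume Shadow Copy, needed for restore points
    }
    foreach ($name in $expected.Keys) {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) { $findings += "Service $name is not installed"; continue }
        if ($svc.StartMode -ne $expected[$name]) {
            $findings += "Service $name start type is $($svc.StartMode), expected $($expected[$name])"
        }
    }

    # 4. Signature check on the core binaries FRST lists under "Bamital & volsnap".
    #    Catalog-signed system files may show NotSigned on older PowerShell builds,
    #    so treat a non-Valid status as something to verify, not as proof of tampering.
    $core = 'winlogon.exe', 'wininit.exe', 'services.exe', 'svchost.exe',
            'userinit.exe', 'rpcss.dll', 'dnsapi.dll', 'Drivers\volsnap.sys'
    foreach ($f in $core) {
        $p = Join-Path $env:windir "System32\$f"
        if (-not (Test-Path $p)) { $findings += "Missing core file: $p"; continue }
        $sig = Get-AuthenticodeSignature -FilePath $p
        if ($sig.Status -ne 'Valid') { $findings += "$p signature status: $($sig.Status)" }
    }
    return $findings
}

$issues = Test-SecurityPosture
if ($issues) { $issues | ForEach-Object { "FINDING: $_" } } else { 'No deviations from the expected security posture.' }
```

Run against the state FSS captured in this thread, the script would report the StandardProfile firewall policy, the DisableAntiSpyware policy and the WinDefend start type; once a fix has been applied and the machine rebooted, an empty findings list is the confirmation the helper is looking for.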
 

Security Team, Moderator, Analyst, Rangemaster (29,790 Posts)
Hello again, tcdoriot. What happens when you select Shutdown or Restart?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
 

Registered · 24 Posts · Discussion Starter #13
When I click shutdown or restart, the computer appears to hang when the words "shutting down" appear.

I will post the logs when they are finished
 

Registered · 24 Posts · Discussion Starter #14
Here is the Malwarebytes log... I don't have any external drives attached to this computer; should I still run ESET?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2016
Scan Time: 1:41 PM
Logfile: mwb.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.20.05
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375934
Time Elapsed: 5 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Registered · 24 Posts · Discussion Starter #15
Here are the logs

ESET:

C:\Users\Jen\AppData\Roaming\Wow_com\CreateShortcut.dll a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Users\Jen\Downloads\ccsetup515.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Jen\Downloads\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2016
Scan Time: 1:41 PM
Logfile: mwb.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.20.05
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375934
Time Elapsed: 5 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Security Team, Moderator, Analyst, Rangemaster · 29,790 Posts
Hello again, tcdoriot. In Normal Mode, please run FRST64.exe again and post/attach the FRST.txt/Addition.txt logs as before. Thanks.

Make sure you tick the Addition.txt box before clicking 'Scan'.

------------------------------------------------------
 

Registered · 24 Posts · Discussion Starter #17
Here they are:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by Jen (administrator) on JEN-HP (20-04-2016 23:46:52)
Running from C:\Users\Jen\Desktop
Loaded Profiles: Jen (Available Profiles: Jen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CF7D46E1-3CF2-49E2-9C56-8096C197A162}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-4205856661-1225364214-319147729-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-17] (Hewlett-Packard)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jen\Application Data\Mozilla\Firefox\Profiles\dkf33d6x.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-11-21] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-4205856661-1225364214-319147729-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jen\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-12] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-03-24] [not signed]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Sheets) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-03-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (HP Client Security Manager) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
CHR Profile: C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (US Weather Radar) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2015-03-29]
CHR Extension: (Entanglement Web App) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-03-29]
CHR Extension: (OneNote Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciniambnphakdoflgeamacamhfllbkmo [2016-02-05]
CHR Extension: (Photoshop 4U) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\damhoidgnfbiidoiajljbdpgnojmemlf [2015-10-14]
CHR Extension: (YOU.DJ app) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2016-03-10]
CHR Extension: (Invoice2go) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmjkikjpbpaehaclfdkmjdofdgodaakp [2016-01-15]
CHR Extension: (Google Calendar) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Pandora) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-03-29]
CHR Extension: (Zoho Show) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiicmodaknllfjlmeempmdcnoljgbpmi [2015-03-29]
CHR Extension: (Word Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2016-02-05]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-02-01]
CHR Extension: (Full Screen Weather) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-22]
CHR Extension: (The QR Code Generator) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-01-15]
CHR Extension: (Ultimate Fonts) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbjdlaifgnadeanlpdipkcdfjoonkehh [2015-03-29]
CHR Extension: (Old Maps Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ildefchbaikbajjccfmamfppgciacekl [2015-03-29]
CHR Extension: (Excel Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2016-02-05]
CHR Extension: (Barcode Generator) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilkhkkdihamgncpphbkidijapnccgbmp [2016-01-15]
CHR Extension: (theHunter) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jangaedeekciafhlanphhnalogmhefmo [2015-03-29]
CHR Extension: (Google Forms) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-09-10]
CHR Extension: (Yesware Reports) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kiciehannidbjakcefendokamkjnolhg [2015-03-29]
CHR Extension: (Build with Chrome) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf [2015-03-29]
CHR Extension: (Evernote Web) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-02-02]
CHR Extension: (Floor plans and interior design) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcafejemebbngbglfoinpoaannbihjna [2015-03-29]
CHR Extension: (Rain Alarm) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\meaikaglpfemjncbioflellmppndgmok [2016-02-02]
CHR Extension: (Google Play Books) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-02-03]
CHR Extension: (WGT Golf Game) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2015-03-29]
CHR Extension: (Google I/O: input/output) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbmphclbekipaojhpbkbofoioffecilh [2015-03-29]
CHR Extension: (HP Client Security Manager) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2015-03-27]
CHR Extension: (OneDrive) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-02-05]
CHR Extension: (SendHub - Business Phone System) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlijkadphehijfiiigjeklnlnknmmped [2015-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Floor Plan Creator) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogbnemfckmdpkeeccieeahplnemmbcfg [2015-03-29]
CHR Extension: (Viewster - Watch Free Movies Online) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2015-03-29]
CHR Extension: (Outlook.com) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2016-01-25]
CHR Extension: (Psykopaint) - C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-03-12] (Citrix Systems, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-09] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-09] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S4 RunSwUSB; C:\Windows\runSW.exe [36864 2012-12-14] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-24] (Microsoft Corporation)
S4 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-20] (Intel Corporation)
R3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [401368 2013-09-30] (CryptoMill Technologies Inc.)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-08-22] (WinMagic Inc.)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2341448 2013-02-09] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [228544 2013-08-22] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131264 2013-08-22] (WinMagic Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 14:54 - 2016-04-20 14:54 - 00000656 _____ C:\Users\Jen\Desktop\est.txt
2016-04-20 13:52 - 2016-04-20 13:52 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-20 13:51 - 2016-04-20 13:51 - 02870984 _____ (ESET) C:\Users\Jen\Downloads\esetsmartinstaller_enu (2).exe
2016-04-20 13:48 - 2016-04-20 13:48 - 00001049 _____ C:\Users\Jen\Desktop\mwb.txt
2016-04-19 14:15 - 2016-04-19 14:15 - 00003003 _____ C:\Users\Jen\Desktop\FSS.txt
2016-04-19 14:14 - 2016-04-19 14:14 - 00899584 _____ (Farbar) C:\Users\Jen\Desktop\FSS.exe
2016-04-18 22:22 - 2016-04-18 22:32 - 00000000 ___SD C:\ComboFix
2016-04-18 14:57 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
2016-04-18 14:57 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
2016-04-18 14:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-04-18 14:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-04-18 14:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-04-18 14:57 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
2016-04-18 14:57 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
2016-04-18 14:57 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
2016-04-18 14:56 - 2016-04-18 14:57 - 00000000 ____D C:\Qoobox
2016-04-18 14:56 - 2016-04-18 14:56 - 00000000 ____D C:\windows\erdnt
2016-04-18 14:54 - 2016-04-18 14:54 - 05660069 ____R (Swearware) C:\Users\Jen\Desktop\ComboFix.exe
2016-04-18 14:53 - 2016-04-18 14:54 - 05660069 _____ (Swearware) C:\Users\Jen\Downloads\ComboFix.exe
2016-04-18 09:07 - 2016-04-18 10:37 - 00007947 _____ C:\Users\Jen\Desktop\Fixlog.txt
2016-04-18 08:54 - 2016-04-18 09:06 - 00030235 _____ C:\Users\Jen\Desktop\Addition.txt
2016-04-18 08:53 - 2016-04-18 08:54 - 03683904 _____ C:\Users\Jen\Downloads\adwcleaner_5.112.exe
2016-04-18 08:52 - 2016-04-20 23:47 - 00023443 _____ C:\Users\Jen\Desktop\FRST.txt
2016-04-18 07:12 - 2016-04-18 07:13 - 03683904 _____ C:\Users\Jen\Desktop\adwcleaner_5.112.exe
2016-04-17 09:59 - 2016-04-17 10:00 - 02375168 _____ (Farbar) C:\Users\Jen\Downloads\FRST64 (1).exe
2016-04-17 09:59 - 2016-04-17 09:59 - 03677760 _____ C:\Users\Jen\Downloads\AdwCleaner (1).exe
2016-04-17 09:55 - 2016-04-17 09:55 - 00034468 _____ C:\Users\Jen\Downloads\Addition.txt
2016-04-17 09:54 - 2016-04-20 23:46 - 00000000 ____D C:\FRST
2016-04-17 09:54 - 2016-04-17 09:55 - 00035325 _____ C:\Users\Jen\Downloads\FRST.txt
2016-04-17 09:54 - 2016-04-17 09:54 - 00001389 _____ C:\Users\Jen\Desktop\FRST64 - Shortcut.lnk
2016-04-17 09:53 - 2016-04-18 07:15 - 00000000 ____D C:\AdwCleaner
2016-04-17 09:53 - 2016-04-17 09:53 - 02375168 _____ (Farbar) C:\Users\Jen\Desktop\FRST64.exe
2016-04-17 09:52 - 2016-04-17 09:52 - 00001427 _____ C:\Users\Jen\Desktop\AdwCleaner - Shortcut.lnk
2016-04-15 16:15 - 2016-04-15 16:17 - 00688992 ____R (Swearware) C:\Users\Jen\Downloads\dds.scr
2016-04-15 14:01 - 2016-04-18 22:20 - 00000225 _____ C:\windows\CryptoMill_CreoService.001
2016-04-15 14:01 - 2016-04-18 22:08 - 00000225 _____ C:\windows\CryptoMill_CreoService.002
2016-04-15 14:01 - 2016-04-18 14:44 - 00000225 _____ C:\windows\CryptoMill_CreoService.003
2016-04-15 14:01 - 2016-04-18 10:32 - 00000225 _____ C:\windows\CryptoMill_CreoService.004
2016-04-15 13:42 - 2016-04-17 09:48 - 00406274 _____ C:\windows\ntbtlog.txt
2016-04-15 13:41 - 2016-04-15 13:42 - 02895464 _____ (AVG Technologies) C:\Users\Jen\Downloads\AVG_Protection_Free_1115.exe
2016-04-15 13:40 - 2016-04-15 13:40 - 00002368 _____ C:\Users\Jen\Documents\cc_20160415_134018.reg
2016-04-15 13:39 - 2016-04-15 13:39 - 06868672 _____ (Piriform Ltd) C:\Users\Jen\Downloads\ccsetup516.exe
2016-04-15 13:36 - 2016-04-15 13:36 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-15 13:36 - 2016-04-15 13:36 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-15 13:35 - 2016-04-15 13:35 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d1973d31a19036.job
2016-04-15 13:29 - 2016-04-15 13:29 - 00000000 ____D C:\Users\Jen\AppData\Local\ElevatedDiagnostics
2016-04-15 13:24 - 2016-04-15 13:26 - 06871040 _____ C:\Program Files (x86)\GUTCCE2.tmp
2016-04-15 13:24 - 2016-04-15 13:24 - 00987728 _____ (Google Inc.) C:\Users\Jen\Downloads\ChromeSetup(2).exe
2016-04-15 13:24 - 2016-04-15 13:24 - 00000000 ____D C:\Program Files (x86)\GUMCCE1.tmp
2016-04-15 13:21 - 2016-04-15 13:37 - 04621272 _____ (Google) C:\Users\Jen\Downloads\chrome_cleanup_tool.exe
2016-04-15 13:13 - 2016-04-15 13:13 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-15 13:13 - 2016-04-15 13:13 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-15 13:11 - 2016-04-15 13:11 - 00243408 _____ C:\Users\Jen\Downloads\Firefox_Setup_38.0.exe
2016-04-15 11:22 - 2016-04-20 10:18 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-15 11:22 - 2016-04-15 11:52 - 06871040 _____ C:\Program Files (x86)\GUT3275.tmp
2016-04-15 11:22 - 2016-04-15 11:22 - 00000000 ____D C:\Program Files (x86)\GUM3274.tmp
2016-04-15 11:18 - 2016-04-15 11:18 - 00005852 _____ C:\Users\Jen\0
2016-04-11 19:49 - 2016-04-11 19:49 - 00002944 _____ C:\Users\Jen\Documents\gwx12.reg
2016-04-11 19:49 - 2016-04-11 19:49 - 00002020 _____ C:\Users\Jen\Documents\gwx11.reg
2016-04-11 19:45 - 2016-04-11 19:45 - 00002072 _____ C:\Users\Jen\Documents\gwx10.reg
2016-04-11 19:44 - 2016-04-11 19:44 - 00003216 _____ C:\Users\Jen\Documents\gwx8.reg
2016-04-11 19:44 - 2016-04-11 19:44 - 00002070 _____ C:\Users\Jen\Documents\gwx9.reg
2016-04-11 19:44 - 2016-04-11 19:44 - 00001892 _____ C:\Users\Jen\Documents\gwx7.reg
2016-04-11 19:43 - 2016-04-11 19:43 - 00004996 _____ C:\Users\Jen\Documents\gwx6.reg
2016-04-11 19:43 - 2016-04-11 19:43 - 00002684 _____ C:\Users\Jen\Documents\gwx4.reg
2016-04-11 19:43 - 2016-04-11 19:43 - 00001876 _____ C:\Users\Jen\Documents\gwx5.reg
2016-04-11 19:42 - 2016-04-11 19:42 - 00003140 _____ C:\Users\Jen\Documents\gwx2.reg
2016-04-11 19:42 - 2016-04-11 19:42 - 00002706 _____ C:\Users\Jen\Documents\gwx3.reg
2016-04-11 19:42 - 2016-04-11 19:42 - 00002588 _____ C:\Users\Jen\Documents\gwx1.reg
2016-04-06 07:44 - 2016-04-06 07:46 - 00000000 ____D C:\AVG_Remover
2016-04-04 08:47 - 2016-04-04 08:47 - 00001808 _____ C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
2016-04-04 08:47 - 2016-04-04 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
2016-04-04 08:47 - 2016-04-04 08:47 - 00000000 ____D C:\Program Files\TRENDnet
2016-04-04 08:47 - 2013-02-09 07:23 - 02341448 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\RTWlanU.sys
2016-04-04 08:47 - 2013-01-30 11:41 - 00430080 _____ (Realtek) C:\windows\SwUSB.exe
2016-04-04 08:47 - 2012-12-14 15:54 - 00036864 _____ () C:\windows\runSW.exe
2016-04-04 07:59 - 2016-04-04 07:59 - 00000000 ____D C:\Users\Jen\Desktop\Trendnet
2016-03-27 13:50 - 2016-03-27 14:31 - 00013131 _____ C:\Users\Jen\Desktop\Copy of Bahamas Order Sheet.xlsx
2016-03-21 21:14 - 2016-03-21 21:18 - 00000000 ____D C:\Users\Jen\Desktop\MISC Items
2016-03-21 12:53 - 2016-04-15 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-20 23:30 - 2014-12-09 17:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-20 22:20 - 2009-07-14 00:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-20 22:20 - 2009-07-14 00:45 - 00027568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-20 13:41 - 2014-12-09 17:10 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-20 10:21 - 2009-07-14 01:13 - 00006462 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-20 10:18 - 2014-03-24 04:58 - 00000000 ____D C:\ProgramData\PDFC
2016-04-20 10:16 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-19 14:17 - 2014-12-09 15:31 - 00000000 ____D C:\Users\Jen
2016-04-18 22:09 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-04-18 09:18 - 2015-06-11 15:50 - 00000000 ____D C:\Users\Jen\AppData\LocalLow\Temp
2016-04-18 08:48 - 2014-03-24 04:57 - 00000225 _____ C:\windows\CryptoMill_CreoService.005
2016-04-15 15:54 - 2016-03-11 09:12 - 00000000 ____D C:\windows\pss
2016-04-15 14:01 - 2014-12-09 17:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-15 13:45 - 2014-12-09 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-15 13:45 - 2014-12-09 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-15 13:39 - 2016-03-11 11:12 - 00000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-15 13:36 - 2014-12-09 17:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-15 13:13 - 2014-12-09 17:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-15 11:57 - 2016-03-19 08:33 - 00000000 ____D C:\Users\Jen\AppData\Local\Deployment
2016-04-11 19:34 - 2015-08-04 03:40 - 00000000 ___SD C:\windows\system32\GWX.old
2016-04-05 22:01 - 2011-02-11 16:29 - 00777348 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-04-04 18:05 - 2016-01-08 03:04 - 00000000 ____D C:\Users\Jen\Desktop\backups
2016-04-04 18:05 - 2009-07-13 23:20 - 00000000 ____D C:\windows\Registration
2016-04-04 08:10 - 2014-03-24 04:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-30 11:11 - 2015-01-24 16:26 - 00000000 ____D C:\Users\Jen\Desktop\Schedules
2016-03-27 22:35 - 2015-01-24 16:26 - 00000000 ____D C:\Users\Jen\Desktop\Food Orders
2016-03-27 13:30 - 2015-04-17 11:10 - 00000000 ____D C:\Users\Jen\Desktop\FOH Forms
2016-03-24 11:11 - 2015-09-09 13:43 - 00000000 ____D C:\Users\Jen\Desktop\MENUS
2016-03-21 21:16 - 2015-01-24 16:27 - 00000000 ____D C:\Users\Jen\Desktop\Orientation Info
2016-03-21 21:14 - 2016-01-05 11:50 - 00000000 ____D C:\Users\Jen\Desktop\JEN
2016-03-21 10:20 - 2015-09-09 13:43 - 00000000 ____D C:\Users\Jen\Desktop\COTTAGE LIST

==================== Files in the root of some directories =======

2016-04-15 11:22 - 2016-04-15 11:52 - 6871040 _____ () C:\Program Files (x86)\GUT3275.tmp
2016-04-15 13:24 - 2016-04-15 13:26 - 6871040 _____ () C:\Program Files (x86)\GUTCCE2.tmp
2015-01-22 18:16 - 2015-01-22 18:16 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 08:15

==================== End of FRST.txt ============================
 

Security Team, Moderator, Analyst, Rangemaster (29,790 posts)
Hello again, tcdoriot.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    ShortcutWithArgument: C:\Users\Jen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
    ShortcutWithArgument: C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
    FirewallRules: [{0870A790-8D1D-4D99-A6DA-052400A8B623}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{3C89AA72-B637-421B-BCC9-D9067FE5638C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{7A882FD3-EF6F-437D-B55D-DC69E309296A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{3CF78CC9-5975-4B91-BBEB-BEA1D2ACEF2F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    C:\Users\Jen\AppData\Roaming\Wow_com\CreateShortcut.dll
    C:\Users\Jen\Downloads\ccsetup515.exe
    C:\Users\Jen\Downloads\ccsetup516.exe
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
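The fixlist above targets two artifact types: Quick Launch shortcuts whose command-line argument carries a URL (the homepage hijack behind Wow HomePage.lnk), and Windows Firewall allow rules for a program, stored as string values under HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules. As an added example (not part of this thread and not FRST's own code), the Python below audits both offline: it reads the StringData sections of a .lnk file according to the MS-SHLLINK layout, so a forensic copy of a shortcut can be checked for an argument that smuggles a URL, and it parses the pipe-delimited FirewallRules value strings to list which rule GUIDs allow a given executable. The sample shortcut bytes and rule strings are constructed for this example; the rule GUIDs and the avgmfapx.exe path are taken from the fixlist, but the value strings themselves, the Block and svchost rules, and the cp1252 fallback for non-Unicode shortcuts are assumptions.

```python
"""Offline audit of .lnk command-line arguments and FirewallRules
registry value strings. Added example; the sample data is constructed."""
import struct

# LinkFlags bits from the MS-SHLLINK ShellLinkHeader (offset 20, 4 bytes)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
HEADER_SIZE = 0x4C  # the ShellLinkHeader is always 76 bytes
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}

# StringData sections follow LinkInfo in this fixed order, each gated by a flag.
_STRING_SECTIONS = (
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
)


def parse_lnk(data):
    """Return the StringData fields of a Shell Link file as a dict.
    Absent sections map to None. Raises ValueError on a malformed header."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        # IDListSize (2 bytes) is followed by that many bytes of item IDs
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        # LinkInfoSize (4 bytes) counts the whole structure, itself included
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for key, flag in _STRING_SECTIONS:
        if not flags & flag:
            fields[key] = None
            continue
        # CountCharacters (2 bytes) then the string, no terminator
        (count,) = struct.unpack_from("<H", data, pos)
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated %s string" % key)
        # cp1252 for ANSI shortcuts is an assumption (system code page varies)
        fields[key] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
        pos += nbytes
    return fields


def shortcut_url_argument(fields):
    """Return the first whitespace-separated argument that looks like a URL, else None.
    A browser shortcut normally has no URL argument; one is a homepage hijack."""
    for token in (fields.get("arguments") or "").split():
        if "://" in token:
            return token.strip('"')
    return None


def build_lnk(relative_path, arguments):
    """Construct a minimal Unicode .lnk carrying RELATIVE_PATH and
    COMMAND_LINE_ARGUMENTS (constructed sample input for this example)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags)
    header += b"\x00" * (HEADER_SIZE - len(header))  # remaining header fields zeroed

    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


def parse_firewall_rule(value):
    """Parse one FirewallRules value ("v2.10|Action=Allow|...|App=...|") into a dict.
    The leading token is the schema version; the rest are key=value pairs."""
    parts = [p for p in value.split("|") if p]
    rule = {"version": parts[0]}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        rule[key] = val
    return rule


def rules_allowing(values, app_path):
    """Return the sorted rule names (GUIDs) whose Action is Allow and whose App is app_path."""
    hits = []
    for name, value in values.items():
        rule = parse_firewall_rule(value)
        if rule.get("Action", "").lower() == "allow" and rule.get("App", "").lower() == app_path.lower():
            hits.append(name)
    return sorted(hits)


# Constructed samples: the shortcut mirrors Wow HomePage.lnk (URL defanged as on the page);
# the two real GUIDs and the App path come from the fixlist, the value strings are assumed.
AVG_APP = r"C:\Program Files (x86)\AVG\Av\avgmfapx.exe"
SAMPLE_LNK = build_lnk(r"..\..\..\..\..\Program Files\Internet Explorer\iexplore.exe",
                       "hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9")
SAMPLE_FIREWALL_VALUES = {
    "{0870A790-8D1D-4D99-A6DA-052400A8B623}": r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=" + AVG_APP + "|Name=avgmfapx.exe|",
    "{3C89AA72-B637-421B-BCC9-D9067FE5638C}": r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=" + AVG_APP + "|Name=avgmfapx.exe|",
    "{11111111-2222-3333-4444-555555555555}": r"v2.10|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=" + AVG_APP + "|Name=blocked|",
    "{66666666-7777-8888-9999-000000000000}": r"v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\windows\system32\svchost.exe|Name=svchost|",
}

if __name__ == "__main__":
    fields = parse_lnk(SAMPLE_LNK)
    print("shortcut target (relative):", fields["relative_path"])
    print("URL smuggled via arguments:", shortcut_url_argument(fields))
    print("rules allowing avgmfapx.exe:", rules_allowing(SAMPLE_FIREWALL_VALUES, AVG_APP))
```

On the live machine the inputs are the .lnk files under the two Quick Launch folders named in the fixlist and the values under the FirewallRules key. The script reports the argument rather than the shortcut target because that is what the hijack changes and what FRST's ShortcutWithArgument: directive strips (the Fixlog below confirms "Shortcut argument removed successfully" while the shortcut itself stays in place).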
 

Registered, 24 Posts, Discussion Starter #19
Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by Jen (2016-04-21 15:32:54) Run:2
Running from C:\Users\Jen\Desktop
Loaded Profiles: Jen (Available Profiles: Jen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
ShortcutWithArgument: C:\Users\Jen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
ShortcutWithArgument: C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=121&s_chn2=0Dzz0E0BzyyBtByDyD0ByC0ByD0C0D0A2RtBtDtCyCtDyEtCyDtCtAtCtDyDyCtAtDtC
FirewallRules: [{0870A790-8D1D-4D99-A6DA-052400A8B623}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3C89AA72-B637-421B-BCC9-D9067FE5638C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7A882FD3-EF6F-437D-B55D-DC69E309296A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3CF78CC9-5975-4B91-BBEB-BEA1D2ACEF2F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
C:\Users\Jen\AppData\Roaming\Wow_com\CreateShortcut.dll
C:\Users\Jen\Downloads\ccsetup515.exe
C:\Users\Jen\Downloads\ccsetup516.exe
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
C:\Users\Jen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk => Shortcut argument removed successfully.
C:\Users\Jen\Application Data\Microsoft\Internet Explorer\Quick Launch\Wow HomePage.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0870A790-8D1D-4D99-A6DA-052400A8B623} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3C89AA72-B637-421B-BCC9-D9067FE5638C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A882FD3-EF6F-437D-B55D-DC69E309296A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CF78CC9-5975-4B91-BBEB-BEA1D2ACEF2F} => value removed successfully
C:\Users\Jen\AppData\Roaming\Wow_com\CreateShortcut.dll => moved successfully
C:\Users\Jen\Downloads\ccsetup515.exe => moved successfully
C:\Users\Jen\Downloads\ccsetup516.exe => moved successfully
EmptyTemp: => 360 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:43:01 ====
 

Security Team, Moderator, Analyst, Rangemaster (29,790 posts)
Hello again, tcdoriot. I'm not seeing the cause of the restart/shutdown problem in your logs.

What happens if you try to turn on System Restore?

Turn on System Restore by clicking Start > Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

Let me know what happens. Any error messages if it didn't turn on?

------------------------------------------------------
 