Infection blocked: s.vb3k.comcrossdomain.xml

system · January 9, 2015, 2:50pm

My Avast kept popping up with this message. It started last night. I went to the command prompt and followed the directory/file path and was there. I did follow the instructions provided and obtained the logs. Please let me know what to do.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/9/2015
Scan Time: 7:51:10 AM
Logfile: MalwarebytesScan01092015at7_12am.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.09
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cathie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323641
Time Elapsed: 13 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 4
IPH.Trojan.Clicker.W7, C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll, Delete-on-Reboot, [8fcea64f365373c3a634db25619f7888],
IPH.Trojan.Clicker.W7, C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll, Delete-on-Reboot, [8fcea64f365373c3a634db25619f7888],
IPH.Trojan.Clicker.W7, C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll, Delete-on-Reboot, [8fcea64f365373c3a634db25619f7888],
IPH.Trojan.Clicker.W7, C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll, Delete-on-Reboot, [8fcea64f365373c3a634db25619f7888],

Registry Keys: 5
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [4716ca2bfa8f49ede36dbf2926de8e72],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [5b0218ddbccde0560b4514d4ce361ce4],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-2451969527-1795390179-688844371-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [66f708ed286162d497ba51978084ac54],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2451969527-1795390179-688844371-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [ee6f30c594f5fc3ad917d1db927102fe],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2451969527-1795390179-688844371-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [17460bea9bee979f94725a69e4208a76],

Registry Values: 3
IPH.Trojan.Clicker.W7, HKU\S-1-5-21-2451969527-1795390179-688844371-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|auwqpomw, regsvr32.exe /s “C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll”, Quarantined, [8fcea64f365373c3a634db25619f7888]
PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Astromenda, Quarantined, [3a23896c474280b6da201dd0867e23dd]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2451969527-1795390179-688844371-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2Y1E2Z1G1J1T1M, Quarantined, [17460bea9bee979f94725a69e4208a76]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
IPH.Trojan.Clicker.W7, C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll, Delete-on-Reboot, [8fcea64f365373c3a634db25619f7888],

Physical Sectors: 0
(No malicious items detected)

(end)

essexboy · January 9, 2015, 2:59pm

Could you attach the FRST logs please

system · January 9, 2015, 3:07pm

ok it says I exceed the maximum allowed length…what should I do?

system · January 9, 2015, 3:12pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Cathie (administrator) on CATHIE-PC on 09-01-2015 08:23:01
Running from C:\Users\Cathie\Downloads
Loaded Profile: Cathie (Available profiles: Cathie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\Windows\SysWOW64\ASGT.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Curse) C:\Users\Cathie\AppData\Local\Apps\2.0\AQ8GCM0K.2NY\4NL48CGD.TTC\curs…tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [Nvtmru] => “C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe”
HKLM.…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM.…\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32.…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32.…\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-05-17] (NCSOFT Corporation)
HKLM-x32.…\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32.…\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32.…\Run: =>
HKU\S-1-5-21-2451969527-1795390179-688844371-1000.…\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk → C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Cathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc089
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2451969527-1795390179-688844371-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-2451969527-1795390179-688844371-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-2451969527-1795390179-688844371-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2451969527-1795390179-688844371-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc089
URLSearchHook: HKU\S-1-5-21-2451969527-1795390179-688844371-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir=
SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir=
SearchScopes: HKLM-x32 → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2451969527-1795390179-688844371-1000 → DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2451969527-1795390179-688844371-1000 → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir=
SearchScopes: HKU\S-1-5-21-2451969527-1795390179-688844371-1000 → {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: &Yahoo! Toolbar Helper → {02478D38-C3F9-4efb-9B51-7695ECA05670} → C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer → {0347C33E-8762-4905-BF09-768834316C61} → C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: SingleInstance Class → {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} → C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class → {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} → C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

First page of 3

system · January 9, 2015, 3:13pm

FireFox:

FF Plugin: @microsoft.com/GENUINE → disabled No File
FF Plugin-x32: @microsoft.com/GENUINE → disabled No File
FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32.…\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-15]
FF HKLM-x32.…\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-20]
FF HKU\S-1-5-21-2451969527-1795390179-688844371-1000.…\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:

CHR HomePage: Default → hxxp://astromenda.com/?f=1&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir=
CHR StartupUrls: Default → “https://www.yahoo.com/?fr=hp-avast&type=odc089”, “https://www.yahoo.com/?fr=hp-avast&type=odc089”, “hxxp://astromenda.com/?f=7&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir=”, “https://www.yahoo.com?fr=hp-avast&type=odc089”
CHR DefaultSearchKeyword: Default → www.yahoo.com
CHR DefaultSearchURL: Default → https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default → http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google Search) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (Avast SafePrice) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-04]
CHR Extension: (Avast Online Security) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-15]
CHR Extension: (Gmail) - C:\Users\Cathie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]
CHR HKLM-x32.…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32.…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-12] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-12] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-12] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-12] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-12] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-12] (Avast Software)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
S3 EagleX64; ??\C:\Windows\system32\drivers\EagleX64.sys
R4 IOMap; ??\C:\Windows\system32\drivers\IOMap64.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

2nd Page of 3

essexboy · January 9, 2015, 3:13pm

Attach the logs
When you are creating a post the option do this is on the bottom left

system · January 9, 2015, 3:15pm

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 08:23 - 2015-01-09 08:23 - 00019063 _____ () C:\Users\Cathie\Downloads\FRST.txt
2015-01-09 08:22 - 2015-01-09 08:23 - 00000000 ____D () C:\FRST
2015-01-09 08:22 - 2015-01-09 08:22 - 02124288 _____ (Farbar) C:\Users\Cathie\Downloads\FRST64.exe
2015-01-09 08:20 - 2015-01-09 08:20 - 00003234 _____ () C:\Users\Cathie\Desktop\MalwarebytesScan01092015at7_12am.txt
2015-01-09 08:11 - 2015-01-09 08:11 - 00000197 _____ () C:\Windows\system32\2015-01-09-14-11-20.087-AvastVBoxSVC.exe-3976.log
2015-01-09 07:50 - 2015-01-09 08:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 07:49 - 2015-01-09 07:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-09 07:49 - 2015-01-09 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-09 07:49 - 2015-01-09 07:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 07:49 - 2015-01-09 07:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-09 07:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 07:49 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 07:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 07:47 - 2015-01-09 07:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cathie\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 07:04 - 2015-01-09 07:04 - 00000197 _____ () C:\Windows\system32\2015-01-09-13-04-13.024-AvastVBoxSVC.exe-2984.log
2015-01-08 20:28 - 2015-01-08 20:28 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-08 20:20 - 2015-01-08 20:20 - 00000197 _____ () C:\Windows\system32\2015-01-09-02-20-22.011-AvastVBoxSVC.exe-3040.log
2015-01-02 06:44 - 2015-01-02 06:44 - 00000327 _____ () C:\Users\Cathie\Desktop\HP Printer Diagnostic Tools.url
2014-12-25 03:19 - 2015-01-09 06:56 - 00000000 ____D () C:\Users\Cathie\AppData\Roaming\HpUpdate
2014-12-25 03:19 - 2014-12-25 03:19 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-25 03:17 - 2014-12-12 18:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-25 03:14 - 2014-12-13 04:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-25 03:14 - 2014-12-13 04:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-25 03:14 - 2014-12-13 04:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-25 03:14 - 2014-10-09 11:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-25 03:14 - 2014-10-09 11:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-25 03:14 - 2014-10-09 01:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-25 03:13 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-25 03:13 - 2014-12-13 04:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-25 03:10 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-25 03:10 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-18 04:37 - 2014-12-18 04:37 - 00000197 _____ () C:\Windows\system32\2014-12-18-10-37-44.090-AvastVBoxSVC.exe-2580.log
2014-12-17 21:32 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 21:32 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 16:06 - 2014-12-16 16:07 - 00000197 _____ () C:\Windows\system32\2014-12-16-22-06-56.092-AvastVBoxSVC.exe-1284.log
2014-12-13 03:20 - 2014-12-13 03:21 - 00000197 _____ () C:\Windows\system32\2014-12-13-09-20-26.015-AvastVBoxSVC.exe-2868.log
2014-12-12 11:56 - 2014-12-12 11:56 - 00000247 _____ () C:\Windows\system32\2014-12-12-17-56-32.000-aswFe.exe-3384.log
2014-12-12 11:52 - 2014-12-12 11:56 - 00000247 _____ () C:\Windows\system32\2014-12-12-17-52-12.051-aswFe.exe-1488.log
2014-12-12 11:52 - 2014-12-12 11:52 - 00000197 _____ () C:\Windows\system32\2014-12-12-17-52-06.092-AvastVBoxSVC.exe-3376.log
2014-12-12 11:42 - 2014-12-12 11:42 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-12 11:42 - 2014-12-12 11:42 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-12 08:31 - 2014-12-12 08:31 - 00001970 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-12-12 08:31 - 2014-12-12 08:31 - 00001910 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
2014-12-12 08:31 - 2014-12-12 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-12 08:30 - 2014-12-12 08:30 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-12-12 08:30 - 2014-12-12 08:30 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-12 08:30 - 2014-12-12 08:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-10 17:16 - 2014-12-10 17:16 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 14:14 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 14:14 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 14:14 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 14:14 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 14:14 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 14:14 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 14:14 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 14:14 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 14:14 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 14:14 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 10:16 - 2014-12-10 10:16 - 00001299 _____ () C:\Users\Cathie\Documents\TVOrderfor122014Walmart.txt
2014-12-10 05:20 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 05:20 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 05:20 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 05:20 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 05:20 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 05:20 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 05:20 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 05:20 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 05:20 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 05:20 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 05:20 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 05:20 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 05:20 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 05:20 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 05:20 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 05:20 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 05:20 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 05:19 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 05:19 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 05:19 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 05:19 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 05:19 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 05:19 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 05:19 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 05:19 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 05:19 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 05:19 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 05:19 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 05:19 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 05:19 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 05:19 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 05:19 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 05:19 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 05:19 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 05:19 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 05:19 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 05:19 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 05:19 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 05:19 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 05:19 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 05:19 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 05:19 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 05:19 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 05:19 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 05:19 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 05:19 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 05:19 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 05:19 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 05:19 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 05:19 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 05:19 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 05:19 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 05:19 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 05:19 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 05:19 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 05:19 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 05:19 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 05:19 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 05:19 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 05:19 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 05:19 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 05:19 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 05:19 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 05:19 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 05:19 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 05:19 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 05:19 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 05:19 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 05:19 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 05:19 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 05:19 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 05:19 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 05:19 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 05:19 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 05:19 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 05:19 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 05:19 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 05:19 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 05:19 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 08:16 - 2009-07-13 22:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 08:16 - 2009-07-13 22:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 08:12 - 2014-05-15 13:53 - 01759844 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 08:09 - 2014-05-15 16:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 08:09 - 2014-05-15 16:19 - 00000000 ____D () C:\Users\Cathie\AppData\Local\Deployment
2015-01-09 08:09 - 2009-07-13 22:51 - 00042887 _____ () C:\Windows\setupact.log
2015-01-09 08:08 - 2014-05-15 20:11 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-09 08:08 - 2014-05-15 20:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-09 08:08 - 2014-05-15 16:20 - 00000000 ____D () C:\Users\Cathie\AppData\Local\Google
2015-01-09 08:08 - 2010-11-20 21:47 - 00295064 _____ () C:\Windows\PFRO.log
2015-01-09 08:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 08:04 - 2014-05-15 15:40 - 00000000 ____D () C:\Users\Cathie\AppData\Local\Battle.net
2015-01-09 07:42 - 2014-05-15 16:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 07:39 - 2014-09-08 12:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 07:08 - 2014-12-08 13:08 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CAF01B83-33B4-49CC-BD86-B04C54EBBB18}
2015-01-08 23:48 - 2014-09-08 12:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

system · January 9, 2015, 3:15pm

2015-01-08 23:48 - 2014-09-08 12:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 23:48 - 2014-09-08 12:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-08 09:39 - 2014-05-15 16:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 03:20 - 2014-09-20 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-25 03:20 - 2014-09-20 10:23 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-25 03:17 - 2014-05-15 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-18 21:03 - 2014-05-15 15:42 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-12-13 04:08 - 2014-11-25 17:20 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-13 04:08 - 2014-05-15 20:24 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 04:08 - 2014-05-15 20:02 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-13 04:08 - 2014-05-15 20:02 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-12-13 04:08 - 2014-05-15 20:02 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 04:08 - 2014-05-15 20:00 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 04:08 - 2014-05-15 20:00 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 04:08 - 2014-05-15 20:00 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 03:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 02:03 - 2014-05-15 20:03 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 02:03 - 2014-05-15 20:03 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 02:03 - 2014-05-15 20:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 02:03 - 2014-05-15 20:03 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 02:03 - 2014-05-15 20:03 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 02:03 - 2014-05-15 20:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 18:12 - 2014-09-20 10:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 18:12 - 2014-09-20 10:00 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-12 18:12 - 2014-05-15 20:20 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 18:12 - 2014-05-15 20:20 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 17:11 - 2014-05-15 20:03 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-12 11:46 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 08:41 - 2014-05-15 16:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 08:31 - 2014-05-15 16:54 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-12 08:30 - 2014-08-07 07:08 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-12-12 08:30 - 2014-05-15 16:55 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-12 08:30 - 2014-05-15 16:54 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-12 08:30 - 2014-05-15 16:54 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-12 08:30 - 2014-05-15 16:54 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-12 08:30 - 2014-05-15 16:54 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-12 08:30 - 2014-05-15 16:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-12 08:30 - 2014-05-15 16:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-10 17:24 - 2014-07-16 11:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 17:16 - 2014-05-17 05:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 17:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 17:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 14:12 - 2014-05-15 15:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net

Some content of TEMP:

C:\Users\Cathie\AppData\Local\Temp\57333uninstall.exe
C:\Users\Cathie\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Cathie\AppData\Local\Temp\ICSW_0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q.exe
C:\Users\Cathie\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cathie\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Cathie\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 09:24

==================== End Of Log ============================

Sorry it took 4 pages this is #4

system · January 9, 2015, 3:16pm

Ok sorry about that…

essexboy · January 9, 2015, 3:19pm

Did you see my post about attaching

system · January 9, 2015, 3:23pm

Yes I did, but I saw it after I posted : ( did u want me to redo it?

essexboy · January 9, 2015, 3:43pm

Nope I have sufficient data now

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir= SearchScopes: HKU\S-1-5-21-2451969527-1795390179-688844371-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir= SearchScopes: HKU\S-1-5-21-2451969527-1795390179-688844371-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir= CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_secureddownload_14_37_ch&cd=2XzuyEtN2Y1L1QzutDtDtByEzz0CyD0AyC0EyEtByD0ByByDtN0D0Tzu0SzyzztAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzy0B0D0DtCtG0DtCyEtCtGzyyE0FyEtGyCtCyB0AtGyBtC0CtAtAzy0F0FyCyDyC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzy0B0C0E0DtDtAtG0EzyyBtDtGyE0C0E0CtGzytAzy0BtGzz0CyBzy0AyC0C0CtB0E0FyB2Q&cr=874942010&ir= C:\Users\Cathie\AppData\Local\Google\auwqpomw.dll EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

system · January 9, 2015, 4:42pm

Here is the Adware cleaner file

system · January 9, 2015, 4:53pm

10:29 am scan Addition

system · January 9, 2015, 4:54pm

10:29 am scan Frst File

system · January 9, 2015, 5:00pm

I should tell you that the file is still on my harddrive: C:\users\cathie\appdata\locallow\EmieSiteList\mopxxvwqxj\jmnhqcrfgkk\ltfygbsxelo.exe I went to command file to find it…FYI

essexboy · January 9, 2015, 5:48pm

That is a new location, as it is an IE store

Lets kill it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: C:\users\cathie\appdata\locallow\EmieSiteList EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

system · January 9, 2015, 9:05pm

Well I have to say “pure genius”. I am attaching the log from the last procedure you told me to do. I am so happy…thank you, thank you and thank you again. Only two questions remain: It says the files were successfully moved, where were they moved to? The second question is what can I do to repay you?

essexboy · January 9, 2015, 10:12pm

How is the computer behaving now ?

system · January 11, 2015, 4:13am

No problems that I have detected…moving much faster in opening and closing windows. The screen is not flickering any longer and my Avast is not popping up with messages or warnings…Thank you. Seems lame just saying thank you…

Infection blocked: s.vb3k.comcrossdomain.xml

FireFox:

Chrome:

Some content of TEMP:

Announcements