Temp file is growing exponentially can't delete files


  • This topic is locked
5 replies to this topic

#1 Mocha_Frapp

  • Members
  • 2 posts

Posted 02 February 2015 - 02:21 AM

Recently my friend's computer was infected by multiple viruses/trojans. I have run multiple scans and security applications [Norton Power Eraser, Malwarebytes, TDSSKiller] and removed most of the problems. However, the Temp folders for some reason are creating folders and files and taking up disk space. I can't delete the contents of the folder because of the mass replicating of these folders. My antivirus programs are not picking up this trojan/virus and I'm stuck on what to do. Also, McAfee won't complete because the files keep growing, making the scan unable to finish. I'm hoping your expertise will help my friend's computer get back up and running.

 

Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by Masahiro (administrator) on MASAHIRO-PC on 01-02-2015 21:01:58
Running from C:\Users\Masahiro\Documents\Downloads
Loaded Profiles: Masahiro (Available profiles: Masahiro & UHCCadmin & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [NWTRAY] => C:\windows\system32\NWTRAY.EXE [37976 2011-11-27] ()
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-05-19] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-09-14] (McAfee, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\...\MountPoints2: {93c2d6ad-06bd-11e3-b48b-e840f24ab574} - E:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\...\MountPoints2: {e79e13c3-8abe-11e2-ad5c-963c8bf4f3ef} - E:\LaunchU3.exe -a
Lsa: [Authentication Packages] msv1_0 ncv1_0
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> DefaultScope {BB3EECE3-FF12-456F-9AF5-692288B8AE4E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS480
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {1D7BC42C-6200-48D8-B7F2-2874EC9BCEF9} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS480
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9C53C294-E963-4534-BDCC-AD9FE7FF732B}&mid=48293a18394047d299253909b4ae5c87-dcfa1072644aba142413593ace23e01a079fa358&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-07-08 22:23:54&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {BB3EECE3-FF12-456F-9AF5-692288B8AE4E} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS480
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131103153942.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131103153942.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 9\Ncbi.dll (Invitrogen Corp.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Masahiro\Desktop\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Users\Masahiro\Desktop\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-11-03]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: Default -> "hxxp://start.toshiba.com/?cid=C001B2Y"
CHR Profile: C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-01]
CHR Extension: (Google Docs) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-01]
CHR Extension: (Google Drive) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-01]
CHR Extension: (YouTube) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-01]
CHR Extension: (Google Search) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-01]
CHR Extension: (Google Sheets) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-01]
CHR Extension: (Skype Click to Call) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-01]
CHR Extension: (Google Wallet) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
CHR Extension: (Gmail) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
S2 hasplms; C:\windows\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-09-18] (Symantec Corporation)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-05-19] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2013-11-03] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [158832 2013-11-03] (McAfee, Inc.)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [19544 2011-11-27] (Novell, Inc.)
S2 Crypkey License; crypserv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [63944 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [5632 2011-11-17] (Windows ® Codename Longhorn DDK provider)
S3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-11-17] (SEIKO EPSON CORPORATION)
S2 Hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-09] (SafeNet Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2013-11-03] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2013-11-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2013-11-03] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2013-11-03] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2013-11-03] (McAfee, Inc.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112216 2011-11-27] ()
S2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [108120 2011-11-27] ()
S2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [88152 2011-11-27] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [119896 2011-11-27] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26200 2011-11-27] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31320 2011-11-27] (Novell, Inc.)
S3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-10-15] (Jungo)
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 21:01 - 2015-02-01 21:02 - 00000000 ____D () C:\FRST
2015-02-01 02:20 - 2015-02-01 02:20 - 00000000 __SHD () C:\Users\Masahiro\AppData\Local\EmieUserList
2015-02-01 02:20 - 2015-02-01 02:20 - 00000000 __SHD () C:\Users\Masahiro\AppData\Local\EmieSiteList
2015-02-01 02:20 - 2015-02-01 02:20 - 00000000 __SHD () C:\Users\Masahiro\AppData\Local\EmieBrowserModeList
2015-01-31 23:45 - 2015-01-31 23:45 - 00000000 ____D () C:\NPE
2015-01-31 15:06 - 2015-01-31 15:06 - 00000000 ____D () C:\Users\Masahiro\AppData\Local\Google
2015-01-27 15:34 - 2015-01-27 15:34 - 00003102 _____ () C:\windows\System32\Tasks\{71CFAAE1-0376-44F4-98CF-8D46C4919DD6}
2015-01-27 13:28 - 2015-01-27 13:28 - 04070576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-27 01:24 - 2015-01-27 01:24 - 00020142 _____ () C:\Users\Masahiro\Desktop\ESETPoweliksCleaner.exe_20150127.012436.2032.log
2015-01-27 01:20 - 2015-01-27 01:21 - 00039942 _____ () C:\Users\Masahiro\Desktop\ESETPoweliksCleaner.exe_20150127.012014.2500.log
2015-01-26 10:59 - 2015-01-26 14:58 - 00019963 _____ () C:\Users\Masahiro\Desktop\01232015 milk.xlsx
2015-01-25 14:45 - 2015-02-01 00:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 14:42 - 2015-01-25 14:42 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 14:42 - 2015-01-25 14:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 14:42 - 2014-11-21 06:54 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-25 14:42 - 2014-11-21 06:53 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-25 14:42 - 2014-11-21 06:53 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-24 04:16 - 2015-01-24 04:16 - 00003038 _____ () C:\windows\System32\Tasks\zdjgucm
2015-01-13 23:44 - 2014-12-18 15:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 23:44 - 2014-12-11 19:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 23:44 - 2014-12-11 19:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 23:44 - 2014-12-11 19:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 23:44 - 2014-12-11 19:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 23:44 - 2014-12-11 19:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 23:44 - 2014-12-11 19:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 23:44 - 2014-12-11 19:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 23:44 - 2014-12-11 07:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 23:40 - 2014-12-18 17:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 23:40 - 2014-12-05 18:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 23:40 - 2014-12-05 17:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 23:40 - 2014-12-05 17:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-07 01:47 - 2015-01-25 14:50 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-07 01:46 - 2015-01-07 01:46 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-07 01:44 - 2015-01-07 01:44 - 00058610 _____ () C:\windows\SysWOW64\CCCInstall_201501070144296697.log
2015-01-07 01:05 - 2015-01-07 01:45 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-07 00:15 - 2015-01-07 00:16 - 00374400 _____ () C:\windows\Minidump\010715-44616-01.dmp
2015-01-06 23:54 - 2015-01-07 01:45 - 00000000 ____D () C:\Program Files\AMD
2015-01-06 22:32 - 2015-01-06 22:33 - 01317928 _____ () C:\windows\Minidump\010615-39281-01.dmp
2015-01-06 14:16 - 2015-01-06 14:16 - 01317888 _____ () C:\windows\Minidump\010615-34710-01.dmp
2015-01-06 12:24 - 2015-01-06 12:24 - 01183144 _____ () C:\windows\Minidump\010615-41153-01.dmp
2015-01-06 10:13 - 2015-01-06 10:13 - 00778768 _____ () C:\windows\Minidump\010615-39062-01.dmp
2015-01-03 16:13 - 2015-01-30 23:53 - 00000000 ____D () C:\Users\Masahiro\Desktop\Tsukuba boshu
2015-01-03 09:27 - 2015-01-03 09:27 - 01701056 _____ () C:\windows\Minidump\010315-37424-01.dmp
2015-01-03 02:55 - 2015-01-03 02:55 - 00374400 _____ () C:\windows\Minidump\010315-39171-01.dmp
2015-01-02 23:21 - 2015-01-02 23:21 - 00376152 _____ () C:\windows\Minidump\010215-38781-01.dmp
2015-01-02 22:28 - 2015-01-02 22:28 - 01701056 _____ () C:\windows\Minidump\010215-51059-01.dmp
2015-01-02 21:03 - 2015-01-02 21:03 - 00374392 _____ () C:\windows\Minidump\010215-51995-01.dmp
2015-01-02 01:52 - 2015-01-02 01:52 - 00778752 _____ () C:\windows\Minidump\010215-34819-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 20:42 - 2013-10-31 13:11 - 00000000 ____D () C:\Users\Masahiro\AppData\Roaming\Dropbox
2015-02-01 20:40 - 2009-07-13 19:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-01 20:40 - 2009-07-13 18:51 - 00147604 _____ () C:\windows\setupact.log
2015-02-01 02:54 - 2012-04-15 22:01 - 00000000 ____D () C:\Users\Masahiro
2015-02-01 02:01 - 2012-02-15 02:43 - 01733624 _____ () C:\windows\WindowsUpdate.log
2015-02-01 00:12 - 2009-07-13 18:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 00:12 - 2009-07-13 18:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 00:10 - 2009-07-13 19:13 - 00795858 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-01 00:05 - 2012-02-15 03:17 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 23:56 - 2012-02-15 03:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 11:28 - 2014-06-14 00:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 01:31 - 2012-11-15 20:49 - 00000000 __RHD () C:\Users\Masahiro\AppData\Roaming\SecuROM
2015-01-29 00:29 - 2010-05-13 14:53 - 00047104 _____ (Inside Core) C:\Users\Masahiro\Desktop\AutoRunExterminator.exe
2015-01-28 23:43 - 2010-11-20 17:47 - 00628006 _____ () C:\windows\PFRO.log
2015-01-27 16:23 - 2012-02-15 03:27 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2015-01-27 16:22 - 2012-02-15 03:27 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-01-27 13:29 - 2014-06-14 00:20 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 13:29 - 2014-06-14 00:20 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 13:29 - 2011-11-02 02:01 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 22:20 - 2014-10-17 16:10 - 00000000 ____D () C:\Users\Masahiro\Desktop\data and results
2015-01-26 22:11 - 2012-11-15 15:18 - 00000000 ____D () C:\Users\Masahiro\Desktop\cancer research
2015-01-26 22:07 - 2014-04-22 22:41 - 00000000 ____D () C:\Users\Masahiro\Desktop\autophagy
2015-01-26 22:02 - 2014-12-30 11:21 - 00000000 ____D () C:\Users\Masahiro\Desktop\CV
2015-01-26 21:56 - 2014-03-08 13:40 - 00000000 ____D () C:\Users\Masahiro\Desktop\CD
2015-01-26 21:02 - 2014-10-07 22:52 - 00000000 ____D () C:\Users\Masahiro\.imagej
2015-01-26 20:33 - 2014-11-17 13:36 - 00000000 ____D () C:\Users\Masahiro\Desktop\breast cancer vs RA
2015-01-26 20:32 - 2014-10-17 16:44 - 00000000 ____D () C:\Users\Masahiro\Desktop\ATRA
2015-01-26 20:32 - 2014-10-17 16:42 - 00000000 ____D () C:\Users\Masahiro\Desktop\CDKcyclin
2015-01-26 20:21 - 2012-06-27 13:26 - 00000000 ____D () C:\Users\Masahiro\Desktop\certificate
2015-01-26 20:09 - 2012-06-27 13:27 - 00000000 ____D () C:\Users\Masahiro\Desktop\Airgas invoices
2015-01-26 01:56 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\Registration
2015-01-25 11:52 - 2012-06-27 21:35 - 00000000 ____D () C:\Users\Masahiro\Desktop\DVD
2015-01-25 11:07 - 2013-10-31 13:21 - 00000000 ___RD () C:\Users\Masahiro\Dropbox
2015-01-15 00:51 - 2009-07-13 19:08 - 00032630 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-14 19:26 - 2013-08-12 22:18 - 00000000 ____D () C:\Users\Masahiro\Desktop\Kavakava research
2015-01-14 03:15 - 2013-08-11 17:56 - 00000000 ____D () C:\windows\system32\MRT
2015-01-12 06:59 - 2009-07-13 17:20 - 00000000 ____D () C:\windows\rescache
2015-01-07 00:43 - 2012-06-21 15:58 - 00000000 ____D () C:\Users\Administrator
2015-01-07 00:42 - 2012-04-16 12:24 - 00000000 ____D () C:\Users\UHCCadmin
2015-01-07 00:15 - 2012-08-02 21:01 - 00000000 ____D () C:\windows\Minidump
2015-01-07 00:15 - 2012-08-02 21:00 - 386721405 _____ () C:\windows\MEMORY.DMP
2015-01-06 04:36 - 2010-11-20 17:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-08-27 13:36 - 2012-08-27 13:36 - 0000096 _____ () C:\Users\Masahiro\AppData\Local\fusioncache.dat
2013-03-05 02:46 - 2013-07-15 11:12 - 0000125 ____N () C:\ProgramData\.zreglib
2015-01-24 04:21 - 2015-01-25 23:27 - 0000680 _____ () C:\ProgramData\@system.temp
2015-01-24 04:21 - 2015-01-25 23:27 - 0000416 _____ () C:\ProgramData\@system3.att
2012-04-17 13:37 - 2012-04-17 13:40 - 0000881 _____ () C:\ProgramData\NCIDebug.log
2012-10-01 14:23 - 2015-01-09 16:55 - 0000039 _____ () C:\ProgramData\obmlf6
 
Some content of TEMP:
====================
C:\Users\UHCCadmin\AppData\Local\Temp\Risweb32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-30 09:14
 
==================== End Of Log ============================


 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:48 PM

Posted 03 February 2015 - 11:30 AM

EDIT

Edited by Machiavelli, 03 February 2015 - 11:32 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:48 PM

Posted 03 February 2015 - 11:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9C53C294-E963-4534-BDCC-AD9FE7FF732B}&mid=48293a18394047d299253909b4ae5c87-dcfa1072644aba142413593ace23e01a079fa358&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-07-08 22:23:54&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Masahiro\Desktop\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Users\Masahiro\Desktop\VLC\npvlc.dll No File
CHR Extension: (Google Wallet) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 Crypkey License; crypserv.exe [X]
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
Task: {A749C6CF-53FD-40F5-A22B-7BB1733819DB} - System32\Tasks\zdjgucm => C:\Users\Masahiro\AppData\Local\Temp\bvyullj.exe <==== ATTENTION
C:\Users\Masahiro\AppData\Local\Temp\bvyullj.exe
C:\windows\MEMORY.DMP
C:\windows\Minidump\010615-39281-01.dmp
C:\windows\Minidump\010615-34710-01.dmp
C:\windows\Minidump\010615-41153-01.dmp
C:\windows\Minidump\010615-39062-01.dmp
C:\windows\Minidump\010315-37424-01.dmp
C:\windows\Minidump\010315-39171-01.dmp
C:\windows\Minidump\010215-38781-01.dmp
C:\windows\Minidump\010215-51059-01.dmp
C:\windows\Minidump\010215-51995-01.dmp
C:\windows\Minidump\010215-34819-01.dmp
C:\windows\Minidump\010715-44616-01.dmp

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
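The fixlist above is built from FRST's own log lines: the "date - date - size attributes (company) path" entries and the "Task:" entry that FRST marked with "<==== ATTENTION" because a scheduled task points into a user's Temp folder. As an added example (not part of this thread, and not FRST's own code), here is a small Python parser for those two line formats that flags any task whose target sits under a Temp folder and, going slightly beyond the thread, ranks the parsed file entries by size, which is what matters when the complaint is disk space. The sample lines are copied from the logs above, except the last Task line, which is a constructed benign entry with a placeholder GUID and vendor name.

```python
"""Parse FRST (Farbar Recovery Scan Tool) log lines and flag persistence that
points into a Temp folder.  Added example; not FRST's code and not from this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: the first four lines are copied from the logs in this thread;
# the last Task line is constructed (placeholder GUID, vendor and path).
SAMPLE_LOG = r"""
2015-02-01 20:40 - 2009-07-13 18:51 - 00147604 _____ () C:\windows\setupact.log
2015-01-29 00:29 - 2010-05-13 14:53 - 00047104 _____ (Inside Core) C:\Users\Masahiro\Desktop\AutoRunExterminator.exe
2015-01-07 00:15 - 2012-08-02 21:00 - 386721405 _____ () C:\windows\MEMORY.DMP
Task: {A749C6CF-53FD-40F5-A22B-7BB1733819DB} - System32\Tasks\zdjgucm => C:\Users\Masahiro\AppData\Local\Temp\bvyullj.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\Example\Update\ExampleUpdate.exe (Example Vendor)
"""

# "modified - created - size attrs (company) path", as FRST prints file entries.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \(([^)]*)\) (.+)$")
# "Task: {GUID} - task name => target [ (company)] [<==== ATTENTION]"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+)$")
ATTENTION = "<==== ATTENTION"
# Folders a scheduled task should not normally launch from (lower-cased match).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class FileEntry:
    modified: str
    created: str
    size: int
    attrs: str
    company: str
    path: str


@dataclass
class TaskEntry:
    guid: str
    name: str
    target: str
    company: str
    flagged_by_frst: bool


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line)
    if not m:
        return None
    modified, created, size, attrs, company, path = m.groups()
    return FileEntry(modified, created, int(size), attrs, company, path)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    m = TASK_RE.match(line)
    if not m:
        return None
    guid, name, rest = m.groups()
    flagged = rest.endswith(ATTENTION)
    if flagged:
        rest = rest[: -len(ATTENTION)].rstrip()
    # A trailing "(Vendor)" is the company FRST prints for signed targets; the
    # character class stops "(x86)" inside a path from being taken for it.
    cm = re.search(r" \(([^()\\]*)\)$", rest)
    company = cm.group(1) if cm else ""
    target = rest[: cm.start()] if cm else rest
    return TaskEntry(guid, name, target, company, flagged)


def is_temp_path(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def parse_log(text: str) -> Tuple[List[FileEntry], List[TaskEntry]]:
    files: List[FileEntry] = []
    tasks: List[TaskEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        f = parse_file_line(line)
        if f:
            files.append(f)
            continue
        t = parse_task_line(line)
        if t:
            tasks.append(t)
    return files, tasks


def suspicious_tasks(text: str) -> List[TaskEntry]:
    """Tasks that launch from a Temp folder, or that FRST itself flagged."""
    return [t for t in parse_log(text)[1]
            if t.flagged_by_frst or is_temp_path(t.target)]


def largest_files(text: str, n: int = 3) -> List[FileEntry]:
    """File entries sorted by size, largest first (the disk-space suspects)."""
    return sorted(parse_log(text)[0], key=lambda f: f.size, reverse=True)[:n]


if __name__ == "__main__":
    for t in suspicious_tasks(SAMPLE_LOG):
        print(f"suspicious task {t.name} -> {t.target} (FRST flagged: {t.flagged_by_frst})")
    for f in largest_files(SAMPLE_LOG):
        print(f"{f.size:>12} {f.path}")
```

Run against a full FRST.txt, `suspicious_tasks` reproduces the one line FRST highlighted here (the zdjgucm task launching bvyullj.exe from Temp), and `largest_files` surfaces MEMORY.DMP and the Minidump files that the fixlist above also removes. The parser only reads the log; deciding what goes into a fixlist remains the helper's call.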

#4 Mocha_Frapp

Mocha_Frapp
  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:48 AM

Posted 06 February 2015 - 12:06 AM

Ok, I attached the log files to the post.

 

Here is the checkup.txt file content

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee VirusScan Enterprise   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 McAfee VirusScan Enterprise vstskmgr.exe  
 McAfee VirusScan Enterprise mfeann.exe  
 McAfee VirusScan Enterprise shstat.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 8% 
````````````````````End of Log`````````````````````` 
 
 
 
Here is the content of fixlog.txt
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Masahiro at 2015-02-05 18:34:06 Run:1
Running from C:\Users\Masahiro\Desktop\FRST
Loaded Profiles: Masahiro (Available profiles: Masahiro & UHCCadmin & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Masahiro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9C53C294-E963-4534-BDCC-AD9FE7FF732B}&mid=48293a18394047d299253909b4ae5c87-dcfa1072644aba142413593ace23e01a079fa358&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-07-08 22:23:54&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3066140020-3313811486-2836414463-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Masahiro\Desktop\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Users\Masahiro\Desktop\VLC\npvlc.dll No File
CHR Extension: (Google Wallet) - C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-01]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
S2 Crypkey License; crypserv.exe [X]
S1 NetworkX; \SystemRoot\system32\ckldrv.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
Task: {A749C6CF-53FD-40F5-A22B-7BB1733819DB} - System32\Tasks\zdjgucm => C:\Users\Masahiro\AppData\Local\Temp\bvyullj.exe <==== ATTENTION
C:\Users\Masahiro\AppData\Local\Temp\bvyullj.exe
C:\windows\MEMORY.DMP
C:\windows\Minidump\010615-39281-01.dmp
C:\windows\Minidump\010615-34710-01.dmp
C:\windows\Minidump\010615-41153-01.dmp
C:\windows\Minidump\010615-39062-01.dmp
C:\windows\Minidump\010315-37424-01.dmp
C:\windows\Minidump\010315-39171-01.dmp
C:\windows\Minidump\010215-38781-01.dmp
C:\windows\Minidump\010215-51059-01.dmp
C:\windows\Minidump\010215-51995-01.dmp
C:\windows\Minidump\010215-34819-01.dmp
C:\windows\Minidump\010715-44616-01.dmp
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKU\S-1-5-21-3066140020-3313811486-2836414463-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
C:\Users\Masahiro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
Crypkey License => Service deleted successfully.
NetworkX => Service deleted successfully.
TDEIO => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A749C6CF-53FD-40F5-A22B-7BB1733819DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A749C6CF-53FD-40F5-A22B-7BB1733819DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\zdjgucm => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zdjgucm" => Key deleted successfully.
"C:\Users\Masahiro\AppData\Local\Temp\bvyullj.exe" => File/Directory not found.
C:\windows\MEMORY.DMP => Moved successfully.
C:\windows\Minidump\010615-39281-01.dmp => Moved successfully.
C:\windows\Minidump\010615-34710-01.dmp => Moved successfully.
C:\windows\Minidump\010615-41153-01.dmp => Moved successfully.
C:\windows\Minidump\010615-39062-01.dmp => Moved successfully.
C:\windows\Minidump\010315-37424-01.dmp => Moved successfully.
C:\windows\Minidump\010315-39171-01.dmp => Moved successfully.
C:\windows\Minidump\010215-38781-01.dmp => Moved successfully.
C:\windows\Minidump\010215-51059-01.dmp => Moved successfully.
C:\windows\Minidump\010215-51995-01.dmp => Moved successfully.
C:\windows\Minidump\010215-34819-01.dmp => Moved successfully.
C:\windows\Minidump\010715-44616-01.dmp => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:34:07 ====
 
thx

 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:48 PM

Posted 06 February 2015 - 09:07 AM

Remove this old version of Java™ 6 Update 25 using the Add/Remove programs applet.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:48 PM

Posted 12 February 2015 - 09:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



