
Slow, antivirus shut off, internet won't work at all, power problems


  • This topic is locked
27 replies to this topic

#1 johneffinsmith


Posted 02 July 2015 - 12:59 PM

Hi. I believe that my mom's laptop is infected. The internet just stopped working, despite the full wifi signal. Other devices still work on the same connection. She says it's been really slow. I noticed that her Norton was no longer running (and couldn't be started). I also noticed that the battery will not run the computer; it only works when it's plugged in. However, that doesn't happen until it gets to Windows. As in, I turn it on unplugged, it boots, and once Windows loads it shuts off. There is a split second where I can see that the battery is indicated as charged though.

Here are the FRST files, thanks



Edited by johneffinsmith, 02 July 2015 - 01:00 PM.



 


#2 HelpBot


Posted 07 July 2015 - 01:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581636 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 johneffinsmith

  • Topic Starter

Posted 08 July 2015 - 08:07 PM

I do not have access to my Windows CD. Here are some new FRST files.




#4 thcbytes

  • Malware Response Team

Posted 09 July 2015 - 10:39 AM

Hi and welcome to the forums.  Sorry for the delay.
 
Please do this...
 
Cut/Paste and move FRST64.exe to your desktop!!

Running from E:\

 
Next..
 
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
 

start

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {31878885-DC79-486F-A2E7-38F3D6D818BD} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {31878885-DC79-486F-A2E7-38F3D6D818BD} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> DefaultScope {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {31878885-DC79-486F-A2E7-38F3D6D818BD} URL =
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {44005B9F-F501-4AF3-86A0-2808F6A7B9AE} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\1biq.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2427315354.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2716671894.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2724159908.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\3170712561.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\699527521.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\721295559.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\794937688.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ao2gv.dll
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\cbnn94gdkpl.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\e4m4x0.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ei727tb1.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\elev.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\iexplorer.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\kkb2l09j6.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgb.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgc.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgg.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mkcxhunr.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mszwutya.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\nmxesarwco.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\o2wpz6uul.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\oklte.dll
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\setup.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\tpcuqc.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\vkh9ohbk.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\w7i2ivbw7n6.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wonsermaxc.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wsnxmeocra.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wtpvaae.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ylxnq80y.exe
C:\users\hoogy boogie man\appdata\roaming\cabo\rauq.exe
EmptyTemp:
CMD: ipconfig /flushdns
Hosts:

End

 
 
Save the file as fixlist.txt to your desktop.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please COPY and PASTE it in your reply.
 
<<<<<<<<<<
 
Next...
 
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

<<<<<<<<<<

 

Please re-boot your computer now.

 

<<<<<<<<<<

 

Please run FRST64.exe again and copy/paste a new log

 

<<<<<<<<<<

 

Will need...

 

  1. Fixlog.txt
  2. FSS.txt
  3. FRST.txt

 

 

How is your computer running now?
 
What problems remain?


Edited by thcbytes, 09 July 2015 - 01:33 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 johneffinsmith

  • Topic Starter

Posted 09 July 2015 - 04:10 PM

Done! I didn't get a chance to do a whole lot, but I didn't notice anything different and the internet still doesn't work.

 

Thanks!




#6 thcbytes

  • Malware Response Team

Posted 09 July 2015 - 05:41 PM

Hello again,

 

Well done.

 

Please clarify something for me.  You said "the internet still doesn't work". 

 

What happens when you try to connect?  What screen do you see?  Does it occur with both Firefox and Chrome?  How about Internet Explorer?  How do you connect?  Direct connection ethernet cord into modem or wireless with router?  Can another computer make a successful connection by the same route?

 

In the future please copy and paste all logs into your replies as I have done for you below unless directed otherwise.  If there are multiple logs just copy and paste over several individual replies.

 

Let me take a look at these logs and I will tell you what to do next.

 

<<<<<<<<<<

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Julie Duncan at 2015-07-09 14:39:09 Run:1
Running from C:\Users\Julie Duncan\Desktop
Loaded Profiles: Julie Duncan (Available Profiles: Julie Duncan & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {31878885-DC79-486F-A2E7-38F3D6D818BD} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {31878885-DC79-486F-A2E7-38F3D6D818BD} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> DefaultScope {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {31878885-DC79-486F-A2E7-38F3D6D818BD} URL =
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {38D745C6-80C8-4980-B3E4-70DDF22EDD28} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS367US367
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {44005B9F-F501-4AF3-86A0-2808F6A7B9AE} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKU\S-1-5-21-2715064900-3680720148-2395570521-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\1biq.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2427315354.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2716671894.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2724159908.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\3170712561.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\699527521.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\721295559.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\794937688.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ao2gv.dll
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\cbnn94gdkpl.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\e4m4x0.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ei727tb1.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\elev.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\iexplorer.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\kkb2l09j6.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgb.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgc.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgg.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mkcxhunr.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mszwutya.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\nmxesarwco.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\o2wpz6uul.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\oklte.dll
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\setup.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\tpcuqc.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\vkh9ohbk.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\w7i2ivbw7n6.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wonsermaxc.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wsnxmeocra.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wtpvaae.exe
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ylxnq80y.exe
C:\users\hoogy boogie man\appdata\roaming\cabo\rauq.exe
EmptyTemp:
CMD: ipconfig /flushdns
Hosts:

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31878885-DC79-486F-A2E7-38F3D6D818BD}" => key removed successfully
HKCR\CLSID\{31878885-DC79-486F-A2E7-38F3D6D818BD} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{38D745C6-80C8-4980-B3E4-70DDF22EDD28}" => key removed successfully
HKCR\Wow6432Node\CLSID\{38D745C6-80C8-4980-B3E4-70DDF22EDD28} => key not found.
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31878885-DC79-486F-A2E7-38F3D6D818BD}" => key removed successfully
HKCR\CLSID\{31878885-DC79-486F-A2E7-38F3D6D818BD} => key not found.
"HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38D745C6-80C8-4980-B3E4-70DDF22EDD28}" => key removed successfully
HKCR\CLSID\{38D745C6-80C8-4980-B3E4-70DDF22EDD28} => key not found.
"HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44005B9F-F501-4AF3-86A0-2808F6A7B9AE}" => key removed successfully
HKCR\CLSID\{44005B9F-F501-4AF3-86A0-2808F6A7B9AE} => key not found.
"HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKU\S-1-5-21-2715064900-3680720148-2395570521-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\1biq.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2427315354.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2716671894.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2724159908.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\3170712561.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\699527521.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\721295559.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\794937688.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ao2gv.dll => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\cbnn94gdkpl.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\e4m4x0.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ei727tb1.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\elev.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\iexplorer.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\kkb2l09j6.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgb.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgc.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgg.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mkcxhunr.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mszwutya.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\nmxesarwco.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\o2wpz6uul.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\oklte.dll => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\setup.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\tpcuqc.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\vkh9ohbk.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\w7i2ivbw7n6.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wonsermaxc.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wsnxmeocra.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wtpvaae.exe => moved successfully.
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ylxnq80y.exe => moved successfully.
"C:\users\hoogy boogie man\appdata\roaming\cabo\rauq.exe" => File/Folder not found.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 612.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:45:42 ====

 

 



#7 thcbytes

  • Malware Response Team

Posted 09 July 2015 - 05:41 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Julie Duncan (administrator) on 09-07-2015 at 15:28:20
Running from "C:\Users\Julie Duncan\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#8 johneffinsmith

  • Topic Starter

Posted 10 July 2015 - 05:38 PM

The computer itself appears to be connected, according to the taskbar icon. I've tried to access the internet using Firefox and IE, and I get "Unable to connect, Firefox can't establish a connection..." and "This page can't be displayed, Make sure the web address...". I attempted to install Chrome from a USB drive and got "egads! installation failed. Error code 0xa0430721". My mom was connected with wifi at her house; I've been using an ethernet cable at my place while trying to fix it. All other devices work on both my mom's connection and mine, via wifi and ethernet.

 

"In the future please copy and paste all logs into your replies as I have done for you below" Will do, thanks


Edited by johneffinsmith, 10 July 2015 - 05:39 PM.


#9 thcbytes

  • Malware Response Team

Posted 10 July 2015 - 07:51 PM

Let's continue,
 
Thanks for the explanation. 
 
More questions and some work to do..
 

"I noticed that her Norton was no longer running (and couldn't be started)"

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 
Norton is updated and running now based on your logs. Windows Defender is disabled but that is because Norton is running in its place.

<<<<<<<<<<

Do you recognize this user?

C:\Users\Hoogy Boogie Man
 
<<<<<<<<<<
 
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

<<<<<<<<<<
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

<<<<<<<<<<
 
Next...
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
<<<<<<<<<<

System Summary Information

  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply

 

<<<<<<<<<<

 

 

With your next post please provide:

  • Answers to questions
  • ADW log
  • JRT log
  • Results.txt
  • System Summary (zip and attach)

Kind regards,
thcbytes


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 johneffinsmith


Posted 10 July 2015 - 09:35 PM

I can't open anything related to Norton, I've tried all icons, there are no Norton icons in the taskbar. Hoggieboogieman (usually spelled that way) is a username that I've used before. I haven't used her computer much in years, but I most likely created that user a long time ago.

 

AdwCleaner[S0]:

 

# AdwCleaner v4.208 - Logfile created 02/01/2009 at 03:33:04
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Julie Duncan - JULIE-PC
# Running from : C:\Users\Julie Duncan\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Guest\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Hoogy Boogie Man\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Hoogy Boogie Man\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Hoogy Boogie Man\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\New Julie\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Julie Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\r0ldl842.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Users\Hoogy Boogie Man\AppData\Roaming\Mozilla\Firefox\Profiles\jwq9tvja.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT078475

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2315 bytes] - [02/01/2009 03:30:39]
AdwCleaner[S0].txt - [2274 bytes] - [02/01/2009 03:33:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2333  bytes] ##########
 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.1 (07.10.2015:2)
OS: Windows 7 Home Premium x64
Ran by Julie Duncan on Fri 01/02/2009 at  3:55:09.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\users\public\desktop\play games.lnk



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Julie Duncan\AppData\Roaming\mozilla\firefox\profiles\r0ldl842.default\minidumps [20 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/02/2009 at  3:57:59.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I forgot to run Minitoolbox and now don't have time, will run/post tomorrow
 


Edited by johneffinsmith, 10 July 2015 - 09:35 PM.


#11 thcbytes


Posted 11 July 2015 - 02:53 PM

Ok.  Minitoolbox next please.

 

Thanks



#12 johneffinsmith


Posted 12 July 2015 - 12:12 AM

Hey, sorry for the late reply. I ended up being able to turn off and remove Norton. I forgot to click "Show processes from all users" when I looked for it last time. The internet works! Well, almost, only via ethernet. The wireless doesn't work now for some reason. After some research, apparently it's a problem with the Toshiba software related to the stupid wireless switch on the keyboard not working, keeping me from turning the wireless card on. I'm not sure if some of the Toshiba bloatware got removed or something. Unless you have an easy solution, I should be able to fix that myself if I look into it.

 

Thanks!



#13 johneffinsmith


Posted 12 July 2015 - 01:22 AM

oops, forgot to copy/paste the text

 

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Julie Duncan (administrator) on 11-07-2015 at 14:16:59
Running from "C:\Users\Julie Duncan\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite P505D Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


========================= IP Configuration: ================================

Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Julie-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 70-1A-04-9A-80-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.mn.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 70-1A-04-9A-80-C8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.mn.comcast.net.
   Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-26-9E-B4-03-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:445:101:5a5a:cc4c:6209:50be:3af7(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:445:101:5a5a:790f:c60d:d769:3e33(Preferred)
   Link-local IPv6 Address . . . . . : fe80::cc4c:6209:50be:3af7%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, July 11, 2015 2:15:40 PM
   Lease Expires . . . . . . . . . . : Saturday, July 18, 2015 2:15:39 PM
   Default Gateway . . . . . . . . . : fe80::5e57:1aff:fe94:2a01%10
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234890910
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-BC-47-73-00-26-9E-B4-03-6F
   DNS Servers . . . . . . . . . . . : 2001:558:feed::2
                                       2001:558:feed::1
                                       75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.mn.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.mn.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9A976C47-7B1D-4D2C-A725-2C8FFDCB18B5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [2607:f8b0:4009:80a::200e] with 32 bytes of data:
Reply from 2607:f8b0:4009:80a::200e: time=20ms
Reply from 2607:f8b0:4009:80a::200e: time=17ms

Ping statistics for 2607:f8b0:4009:80a::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 20ms, Average = 18ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::2

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Reply from 2001:4998:c:a06::2:4008: time=70ms
Reply from 2001:4998:c:a06::2:4008: time=62ms

Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 70ms, Average = 66ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...70 1a 04 9a 80 c8 ......Microsoft Virtual WiFi Miniport Adapter
 12...70 1a 04 9a 80 c8 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
 10...00 26 9e b4 03 6f ......Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.11     20
         10.0.0.0    255.255.255.0         On-link         10.0.0.11    276
        10.0.0.11  255.255.255.255         On-link         10.0.0.11    276
       10.0.0.255  255.255.255.255         On-link         10.0.0.11    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.11    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.11    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    276 ::/0                     fe80::5e57:1aff:fe94:2a01
  1    306 ::1/128                  On-link
 10     28 2601:445:101:5a5a::/64   On-link
 10    276 2601:445:101:5a5a:790f:c60d:d769:3e33/128
                                    On-link
 10    276 2601:445:101:5a5a:cc4c:6209:50be:3af7/128
                                    On-link
 10    276 fe80::/64                On-link
 10    276 fe80::cc4c:6209:50be:3af7/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/09/2015 02:39:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {654af07b-f88d-4d84-96e2-5b9768a72262}

Error: (06/10/2015 07:09:29 PM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (06/05/2015 08:24:48 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (06/05/2015 08:24:48 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EFD

Error: (05/28/2015 06:26:21 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/28/2015 06:26:21 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EFD

Error: (05/09/2015 03:05:28 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (03/19/2015 03:05:50 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (03/18/2015 11:07:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x116c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/21/2015 00:52:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x10b0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (07/11/2015 02:15:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccHP

Error: (07/11/2015 02:15:43 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2

Error: (07/11/2015 02:15:33 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/11/2015 02:15:33 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/01/2009 00:01:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
ccHP

Error: (01/01/2009 00:01:18 AM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2

Error: (01/01/2009 00:01:03 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (01/01/2009 00:01:03 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/01/2009 00:01:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:50:58 PM on ‎7/‎11/‎2015 was unexpected.

Error: (01/02/2009 08:57:52 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{A0880F03-8480-482E-1606-BC91669B0882}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\WT078308) (Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT078087) (Version: 2.2.0.82 - WildTangent) Hidden
ccc-core-static (HKLM-x32\...\{14956199-1890-C3D4-F8B8-3C0C6FD82993}) (Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.6.63 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DVD MovieFactory for TOSHIBA (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Faerie Solitaire (HKLM-x32\...\WT078491) (Version: 2.2.0.82 - WildTangent) Hidden
FATE Undiscovered Realms (HKLM-x32\...\WT078109) (Version: 2.2.0.82 - WildTangent) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.0 - Conexant Systems)
Java™ 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly (HKLM-x32\...\WT078123) (Version: 2.2.0.82 - WildTangent) Hidden
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - The Vegas Heist (HKLM-x32\...\WT078349) (Version: 2.2.0.82 - WildTangent) Hidden
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 17.6.0.32 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{D1157589-296B-4AB7-A2B1-B69900C5F399}) (Version: 2.0.19.D - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{D1157589-296B-4AB7-A2B1-B69900C5F399}) (Version: 2.0.19.D - O2Micro International LTD.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WT078129) (Version: 2.2.0.82 - WildTangent) Hidden
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.42.1000 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.7.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.7.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version:  - )
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version:  - )
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Families (HKLM-x32\...\WT078130) (Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (HKLM-x32\...\WT078385) (Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent ORB Game Console (HKLM-x32\...\TOSHIBA Game Console) (Version:  - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version:  - )

========================= Devices: ================================

Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx64
Device ID: ROOT\LEGACY_BHDRVX64\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Hash Provider
Description: Symantec Hash Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccHP
Device ID: ROOT\LEGACY_CCHP\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3838.36 MB
Available physical RAM: 2785.43 MB
Total Virtual: 7674.93 MB
Available Virtual: 6472.68 MB

========================= Partitions: =====================================

1 Drive c: (TI105741W0B) (Fixed) (Total:454.33 GB) (Free:391.83 GB) NTFS
3 Drive e: () (Removable) (Total:1.88 GB) (Free:1.87 GB) FAT

========================= Users: ========================================

User accounts for \\JULIE-PC

Administrator            Guest                    Julie Duncan             

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

28-05-2015 23:24:59 Windows Backup
28-05-2015 23:39:05 Restore Operation
29-05-2015 00:24:39 Windows Backup
05-06-2015 05:00:00 Scheduled Checkpoint
10-06-2015 23:54:15 Windows Update
11-06-2015 00:05:39 Restore Operation
11-06-2015 01:02:38 Windows Update
24-06-2015 18:30:32 Windows Update
24-06-2015 18:30:32 Scheduled Checkpoint
24-06-2015 18:31:35 Windows Backup
30-06-2015 06:23:31 Windows Backup
09-07-2015 19:39:14 Restore Point Created by FRST
09-07-2015 19:43:42 Windows Backup

**** End of log ****
 



#14 thcbytes


Posted 12 July 2015 - 08:50 AM

Hey there,
 
Nice work!  I am not as good with hardware/software issues as I am with malware/security so I'm glad you're problem solving that.  If problems persist then I can surely refer you to a specialist here that can help!  I will make sure we're clear and secure from a malware/security standpoint so hang in there with me a little longer.
 
<<<<<<<<<<

  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop.  Please copy and paste the contents in your reply

<<<<<<<<<<

  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click Save Results in the lower right hand corner of the screen then select Text file (.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply

<<<<<<<<<<

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer

<<<<<<<<<<

With your next post please provide:

 

  1. Security check log
  2. MBAM log
  3. ESET log
  4. What problems remain?


Kind regards,
thcbytes


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 johneffinsmith


Posted 12 July 2015 - 10:55 PM

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 14  
 Java version 32-bit out of Date!
  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 36.0.4 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2015
Scan Time: 7:32 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.12.04
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Julie Duncan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 498362
Time Elapsed: 28 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
Rogue.AntimalwareDoctor, HKU\S-1-5-21-2715064900-3680720148-2395570521-1001\SOFTWARE\Antimalware Doctor Inc, , [8e56538df09a67cf6fa3942119eab947],
Trojan.FakeAlert, HKU\S-1-5-21-2715064900-3680720148-2395570521-1001\SOFTWARE\OTGV1DNWQQ, , [a14331af711938feae01f7c94ab9d030],
Rogue.SecuritySuite, HKU\S-1-5-21-2715064900-3680720148-2395570521-1001\SOFTWARE\wnxmal, , [35afc020f397b680d2acdbe708fb37c9],
Trojan.FakeAlert, HKU\S-1-5-21-2715064900-3680720148-2395570521-1001\SOFTWARE\XML, , [776d647c1476dc5a44511ca637cc58a8],
Trojan.FakeAlert, HKU\S-1-5-21-2715064900-3680720148-2395570521-1001\SOFTWARE\YXE7DXCQ37, , [885ce7f974166ec81c8f437f47bc10f0],

Registry Values: 1
Malware.Trace, HKU\S-1-5-21-2715064900-3680720148-2395570521-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER|WINID, 1CB534D8FAA4F0C, , [13d1aa36f09a3ff77eb415a30cf741bf]

Registry Data: 0
(No malicious items detected)

Folders: 2
Rogue.Multiple, C:\ProgramData\03398831, , [d50fe1ff7c0e3bfbecccb8073ec4a35d],
Rogue.AntiMalwareDoctor, C:\Users\Hoogy Boogie Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor, , [588c88580b7f0f278fa5dbec7c86758b],

Files: 30
Trojan.Agent, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\1biq.exe, , [ac386b75aedc04321d54049945bb2ad6],
Trojan.Downloader, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2427315354.exe, , [776d7a661d6d4de91e02ef76738daf51],
Trojan.Downloader, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\2716671894.exe, , [30b4994713773afcb46c560f37c947b9],
Trojan.Agent, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ao2gv.dll, , [6e76d8082e5c8bab34caf5f2c143bd43],
Trojan.Downloader, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\cbnn94gdkpl.exe, , [796b459bd7b3f145c15f6ef733cd0000],
Malware.Packer.Gen, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\e4m4x0.exe, , [7074736d8ffb6acca02a70f0728e8c74],
Trojan.Sisproc.Gen, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ei727tb1.exe, , [e400716f59312610e32ae5831ce449b7],
Rootkit.Agent.Gen, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\elev.exe, , [dc081ec2b3d7bd79bc69b0b2e41c12ee],
Trojan.Sisproc.Gen, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\kkb2l09j6.exe, , [d70dba262367181e2ae3a0c828d8837d],
Trojan.Alureon, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgb.exe, , [6b7957890f7b41f591bb550f6e92fd03],
Trojan.FakeNPP, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgc.exe, , [29bb7b6595f584b296219ea0748ca35d],
Trojan.FakeNPP, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgg.exe, , [30b4d50b296192a4c2f5b28c9d638977],
Trojan.Hiloti, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mkcxhunr.exe, , [22c25f81800a73c32f083037da2602fe],
Malware.Packer.Gen, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\mszwutya.exe, , [ca1a4f91fe8c0a2c0ebc5e02c937b54b],
Trojan.Agent, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\nmxesarwco.exe, , [836118c8d8b2b87e95dc356854ac46ba],
Trojan.Dropper, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\o2wpz6uul.exe, , [42a219c78604b3832ca75299ae561ae6],
Trojan.Agent, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\oklte.dll, , [05dfd709aedc93a376881fc8956ff30d],
Trojan.Downloader, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\setup.exe, , [da0a7868cac08da9061a61049f61d729],
Malware.Packer.Gen, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\tpcuqc.exe, , [d60e726e365471c53595025ec63abb45],
Trojan.Downloader, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\vkh9ohbk.exe, , [e30138a88dfd96a0d4fa0a2fe421f010],
Trojan.Downloader, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\w7i2ivbw7n6.exe, , [38ac19c7602a0135ba663233b24e4cb4],
Rootkit.Dropper, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wsnxmeocra.exe, , [6084b927197166d04bf4a8bac739d62a],
Rogue.SecuritySuite, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wtpvaae.exe, , [70746c744f3b90a6f5d9c29f6f91b050],
Virus.Virut, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\ylxnq80y.exe, , [568ec0204c3ecb6b5273ae64cf331fe1],
Rogue.AntimalwareDoctor, C:\Users\Hoogy Boogie Man\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk, , [16ceb42c3852b0862342553853b09967],
Trojan.Clicker, C:\Users\Hoogy Boogie Man\AppData\Local\Temp\iexplorer.exe, , [c321c61abccebb7b85674759966d5da3],
Malware.Trace, C:\Users\Public\Documents\Server\admin.txt, , [2bb94898ec9e95a18084059fdc2722de],
Malware.Trace, C:\Users\Public\Documents\Server\server.dat, , [05df6b75296166d0be4704a0ce35fc04],
Rogue.AntiMalwareDoctor, C:\Users\Hoogy Boogie Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk, , [588c88580b7f0f278fa5dbec7c86758b],
Rogue.AntiMalwareDoctor, C:\Users\Hoogy Boogie Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk, , [588c88580b7f0f278fa5dbec7c86758b],

Physical Sectors: 0
(No malicious items detected)


(end)

 

C:\AdwCleaner\Quarantine\C\Users\Hoogy Boogie Man\AppData\Roaming\Mozilla\Firefox\Profiles\jwq9tvja.default\user.js.vir    JS/SecurityDisabler.A.Gen potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\1biq.exe.xBAD    a variant of Win32/VB.PGX trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\2427315354.exe.xBAD    a variant of Win32/Agent.SDL trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\2716671894.exe.xBAD    a variant of Win32/Agent.SDL trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\ao2gv.dll.xBAD    a variant of Win32/Ertfor.C trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\cbnn94gdkpl.exe.xBAD    a variant of Win32/Agent.SDL trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\e4m4x0.exe.xBAD    a variant of Win32/TrojanDownloader.Small.PGH trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\ei727tb1.exe.xBAD    a variant of Win32/TrojanClicker.Delf.NID trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\elev.exe.xBAD    a variant of Win32/Kryptik.GTE trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\iexplorer.exe.xBAD    Win32/Agent.ROS trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\kkb2l09j6.exe.xBAD    Win32/TrojanClicker.Delf.NID trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgb.exe.xBAD    a variant of Win32/Kryptik.GUD trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgc.exe.xBAD    a variant of Win32/Kryptik.GUA trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\Lgg.exe.xBAD    a variant of Win32/Kryptik.GUA trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\mkcxhunr.exe.xBAD    a variant of Win32/Cimag.DK trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\mszwutya.exe.xBAD    a variant of Win32/TrojanDownloader.Small.PGH trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\nmxesarwco.exe.xBAD    a variant of Win32/VB.PGX trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\o2wpz6uul.exe.xBAD    Win32/PSW.WOW.NOW trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\oklte.dll.xBAD    a variant of Win32/Ertfor.C trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\setup.exe.xBAD    a variant of Win32/Agent.SDL trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\tpcuqc.exe.xBAD    a variant of Win32/Ertfor.A trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\vkh9ohbk.exe.xBAD    Win32/TrojanDropper.VB.NPV trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\w7i2ivbw7n6.exe.xBAD    a variant of Win32/Agent.SDL trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\wonsermaxc.exe.xBAD    a variant of Win32/TrojanClicker.Delf.NKI trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\wsnxmeocra.exe.xBAD    a variant of Win32/Olmarik.ADU trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\wtpvaae.exe.xBAD    Win32/Adware.SpywareProtect2009 application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Hoogy Boogie Man\AppData\Local\Temp\ylxnq80y.exe.xBAD    Win32/Virut.NBP virus    cleaned - quarantined
C:\Users\Hoogy Boogie Man\AppData\Local\Ymeha.dat    Win32/Adware.SpywareProtect2009 application    cleaned by deleting - quarantined
C:\Users\Hoogy Boogie Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2320SLCL\quant[1].js    Win32/Adware.SpywareProtect2009 application    cleaned by deleting - quarantined
C:\Users\Hoogy Boogie Man\AppData\Local\Temp\wonsermaxc.exe    a variant of Win32/TrojanClicker.Delf.NKI trojan    cleaned by deleting - quarantined
C:\Users\Hoogy Boogie Man\AppData\Roaming\23605B286ADA4B13DFD56B3F1B7AD996\enemies-names.txt    Win32/Adware.AntimalwareDoctor.AE.Gen application    cleaned by deleting - quarantined
C:\Users\Hoogy Boogie Man\AppData\Roaming\23605B286ADA4B13DFD56B3F1B7AD996\local.ini    Win32/Adware.AntimalwareDoctor.AE.Gen application    cleaned by deleting - quarantined
C:\Users\Hoogy Boogie Man\AppData\Roaming\Mozilla\Firefox\Profiles\jwq9tvja.default\user.js    JS/SecurityDisabler.A.Gen potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat    a variant of Generik.JCVPCMR trojan    cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\sphlp.dll    Win32/Bamital.DV trojan    cleaned by deleting - quarantined
 


Edited by johneffinsmith, 12 July 2015 - 10:56 PM.




