
Windows Vista I believe is Infected with a bad virus HELP!!!!


  • This topic is locked
39 replies to this topic

#1 comptman

comptman

  • Members
  • 23 posts
  • Gender:Male
  • Location:Canada
  • Local time:02:25 AM

Posted 25 July 2015 - 06:22 PM

Mod Edit: Moved to proper forum for ComboFix logs ~~ boopme
 
First off, thanks to anyone for helping me on this topic. So I have an HP laptop running Windows Vista, and when I log into the computer it takes a while to log in, and after a while the cursor goes to a circular bubble and just sits there; I cannot do anything after that. I have run JRT, AdwCleaner, TDSSKiller, rkill and ComboFix, and it still does the same thing. I will attach a ComboFix log below.
 
ComboFix 15-07-23.01 - Ronaldo 25/07/2015   3:08.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3062.2586 [GMT -4:00]
Running from: c:\users\Ronaldo\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ronaldo\AppData\Roaming\inst.exe
c:\windows\system32\config\systemprofile\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-25 to 2015-07-25  )))))))))))))))))))))))))))))))
.
.
2015-07-25 07:15 . 2015-07-25 07:15    --------    d-----w-    c:\users\Ronaldo\AppData\Local\temp
2015-07-25 07:15 . 2015-07-25 07:15    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-07-25 07:15 . 2015-07-25 07:15    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-07-25 07:15 . 2015-07-25 07:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-07-25 01:10 . 2015-07-25 06:27    98520    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-25 01:10 . 2015-07-25 01:10    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-07-25 01:10 . 2015-06-18 12:41    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-07-25 01:10 . 2015-06-18 12:41    94936    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-07-22 03:44 . 2015-07-22 03:44    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B3D44FE-C619-4389-9727-107559E30147}\offreg.4976.dll
2015-07-22 03:25 . 2015-07-15 01:33    9252608    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B3D44FE-C619-4389-9727-107559E30147}\mpengine.dll
2015-07-21 07:01 . 2015-07-14 16:02    34304    ----a-w-    c:\windows\system32\atmlib.dll
2015-07-21 07:01 . 2015-07-14 14:23    296960    ----a-w-    c:\windows\system32\atmfd.dll
2015-07-15 07:11 . 2015-06-25 02:57    2066432    ----a-w-    c:\windows\system32\win32k.sys
2015-07-15 07:11 . 2015-07-03 16:04    1316864    ----a-w-    c:\windows\system32\ole32.dll
2015-07-15 07:10 . 2015-06-17 15:09    73216    ----a-w-    c:\windows\system32\msiexec.exe
2015-07-15 07:10 . 2015-06-17 16:50    2264576    ----a-w-    c:\windows\system32\msi.dll
2015-07-15 07:10 . 2015-06-12 16:01    298496    ----a-w-    c:\windows\system32\gdi32.dll
2015-07-15 07:05 . 2015-05-31 08:11    225792    ----a-w-    c:\windows\system32\cewmdm.dll
2015-07-15 07:03 . 2015-06-27 16:02    218112    ----a-w-    c:\windows\system32\msv1_0.dll
2015-07-15 07:03 . 2015-06-27 14:21    217088    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 07:03 . 2015-06-27 14:21    81408    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 07:03 . 2015-01-09 00:17    107008    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 07:03 . 2015-06-27 16:03    783872    ----a-w-    c:\windows\system32\rpcrt4.dll
2015-07-15 07:03 . 2015-06-27 16:02    501248    ----a-w-    c:\windows\system32\kerberos.dll
2015-07-15 07:03 . 2015-06-27 16:01    801280    ----a-w-    c:\windows\system32\advapi32.dll
2015-07-15 07:03 . 2015-06-12 13:13    440768    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 07:00 . 2012-07-19 15:57    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-07-15 07:00 . 2011-10-28 01:33    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-24 05:29 . 2015-06-24 05:29    1217192    ----a-w-    c:\windows\system32\FM20.DLL
2015-06-23 17:27 . 2009-10-03 17:30    246952    ------w-    c:\windows\system32\MpSigStub.exe
2015-06-18 12:41 . 2013-05-24 14:03    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-05-04 22:50 . 2015-06-10 07:02    4096    ----a-w-    c:\windows\system32\msdxm.ocx
2015-05-04 22:50 . 2015-06-10 07:02    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2015-05-04 22:50 . 2015-06-10 07:02    7680    ----a-w-    c:\windows\system32\spwmp.dll
2015-05-04 21:21 . 2015-06-10 07:02    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2015-04-30 16:03 . 2015-05-14 07:36    279040    ----a-w-    c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-14 07:29    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn13\yt.dll" [2015-01-20 1582592]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 22:12    60712    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 20:27    89184    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-08-25 04:07    51048    ----a-w-    c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2014-12-31 15:30    688984    ----a-w-    c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-21 23:34    166424    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 13:03    75008    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47    480560    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 22:54    178712    ----a-w-    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-21 23:35    141848    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 19:04    40960    ----a-w-    c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
2007-08-24 08:49    607624    ----a-w-    c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-07 04:29    157480    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-31 00:36    57344    ----a-w-    c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54    554320    ----a-w-    c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic Device Manager for Multi-Function Station software]
2010-11-04 19:17    139264    ----a-w-    c:\program files\Panasonic\MFStation\PCCMFSDM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic IP Address Checker for Multi-Function Station software]
2010-10-25 20:19    139264    ----a-w-    c:\program files\Panasonic\MFStation\PccChgIP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic LPD Manager]
2010-10-29 14:51    151552    ----a-w-    c:\program files\Panasonic\MFStation\PCMFSMLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panasonic PCFAX for Multi-Function Station software]
2011-01-05 15:44    811008    ----a-w-    c:\program files\Panasonic\MFStation\KmPcFax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 18:46    57393    ----a-w-    c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-21 23:34    133656    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31    202032    ----a-w-    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27    468264    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-11-02 06:00    90448    ----a-w-    c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-09 22:50    4390912    ----a-w-    c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34    634880    ----a-w-    c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-23 20:32    126976    ----a-w-    c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 14:22    155648    ----a-r-    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 11:31    1033512    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13    218408    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53    311296    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 01:34    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-06 01:18    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 07:00]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-18 02:09]
.
2015-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-18 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ronaldo\AppData\Roaming\Mozilla\Firefox\Profiles\v3bmvji1.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-25 03:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1072)
c:\program files\Common Files\Panasonic\Panasonic-DMS\Quick Image Navigator\QnvShell12.dll
.
Completion time: 2015-07-25  03:18:45
ComboFix-quarantined-files.txt  2015-07-25 07:18
ComboFix2.txt  2014-04-19 01:28
.
Pre-Run: 121,230,987,264 bytes free
Post-Run: 121,505,964,032 bytes free
.
- - End Of File - - 68571F20E507BAB648D5351036AE2CEF
1A1A06F62E891045814007163C1C76C3
 
 
 
HIJACKTHIS LOG:::::::::::::::::::::
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:14:26 PM, on 25/07/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16669)

FIREFOX: 30.0 (en-US)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\Ronaldo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panasonic Local Printer Service - Panasonic System Networks Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9116 bytes
 
 
 
Hope someone can help me as soon as possible, but I understand that everyone is busy. By the way, if this is the wrong forum just let me know.

Edited by boopme, 25 July 2015 - 06:25 PM.
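As an added illustration (not part of the thread, and not code from Trend Micro HijackThis or BleepingComputer), here is a small triage script for a HijackThis-style log such as the one posted above. It parses the `R`/`O` entry lines and surfaces the kinds of entries a responder reads first: a toolbar CLSID whose file is missing, a RunOnce value that carries a shell command, a service whose publisher HijackThis reports as "Unknown owner", and a third-party URL search hook. The sample lines are constructed from entries visible in the log above (same CLSIDs and paths), and the flagging rules are illustrative heuristics of this example, not HijackThis's own logic; a flag means "look at this", not "this is malicious".

```python
"""Triage a HijackThis-style log: pull out the entries a responder looks at first.
Added example; not part of the forum thread and not HijackThis code."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: six lines in the shape of the HijackThis log posted in
# the thread (same sections, CLSIDs and paths), not the full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" (User 'SYSTEM')
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
"""

# Every HijackThis entry line starts with a section code (R0..R3, O1..O24) and " - ".
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Shell verbs that have no business in an autostart value (illustrative list).
SHELL_VERBS = re.compile(
    r"\b(rmdir|del|cmd|powershell|wscript|cscript|regsvr32|rundll32)\b", re.I)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # why a responder should look at this entry
    line: str    # the original log line


def parse_entries(text: str):
    """Yield (code, body, line) for every entry line; header lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def count_by_code(text: str) -> dict:
    """How many entries each section contributes (a quick size-of-problem view)."""
    return dict(Counter(code for code, _, _ in parse_entries(text)))


def triage(text: str) -> list:
    """Return the entries matching the example's review heuristics, in log order."""
    findings = []
    for code, body, line in parse_entries(text):
        if code == "O3" and body.endswith("(no file)"):
            findings.append(Finding(code, "toolbar CLSID whose file is missing (orphaned entry)", line))
        elif code == "O4" and "RunOnce" in body and SHELL_VERBS.search(body):
            findings.append(Finding(code, "RunOnce value that carries a shell command", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service whose publisher HijackThis could not identify", line))
        elif code == "R3" and body.startswith("URLSearchHook:"):
            findings.append(Finding(code, "URL search hook installed by a third-party component", line))
    return findings


if __name__ == "__main__":
    print("entries per section:", count_by_code(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Run against the sample it reports four entries to review: the Yahoo! search hook, the orphaned toolbar CLSID, the SearchProtect RunOnce cleanup command, and the Symantec service with an unidentified owner; the Malwarebytes service and the Adobe BHO are left alone. Paste a full log into `SAMPLE_LOG` (or read it from a file) to triage a real one.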



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • Gender:Male
  • Location:California
  • Local time:11:25 PM

Posted 28 July 2015 - 01:12 PM

Greetings comptman and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. If you can't run the below in Normal Boot please try it in Safe Mode.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

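The two FRST logs requested above run to several hundred lines, and the entries worth a second look are scattered across them. As an added example (not code from this thread and not part of FRST itself), the Python script below reads a pasted FRST.txt or Addition.txt, follows the section banners FRST prints, and collects the entries FRST flags with `<======= ATTENTION`, entries whose target file is gone (`[X]`, `No File`, `No ImagePath`), services and drivers that FRST reports as unsigned or without a publisher, and services, drivers or autoruns that point into profile or data directories. The sample input is modelled on the FRST output posted later in this thread; the section names and category labels are this script's own.

```python
"""Triage helper for Farbar Recovery Scan Tool logs (FRST.txt / Addition.txt).

Added example: not code from the forum post and not part of FRST itself.
It walks a pasted log, follows the section banners FRST prints, and collects
the entries a reviewer looks at first.  It decides nothing on its own:
every hit still needs a human (or a hash lookup) before it goes in a fixlist.
"""
import re

# Section banner, e.g. "==================== Drivers (Whitelisted) ===================="
SECTION = re.compile(r"^=+\s+(?P<name>.+?)\s+=+$")
# Marker FRST appends to lines it wants the reader to notice.
ATTENTION = "<======= ATTENTION"
# FRST's own notation for an entry whose target no longer exists.
MISSING = re.compile(r"\[X\]$|\bNo File$|\bNo ImagePath$")
# Profile and data directories.  Services, drivers and autoruns rarely need to
# live here, but legitimate software does use them (AV definitions, for one),
# so hits are a review queue, not a verdict.
DATA_DIRS = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
# Service/driver line: "<start> <name>; <path> [<size> <date>] (<vendor>) [File not signed]"
SERVICE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.*?)"
    r"(?:\s+\[\d+\s+\d{4}-\d{2}-\d{2}\])?"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"(?P<unsigned>\s+\[File not signed\])?"
    r"(?:\s+\[X\])?$"
)


def section_name(banner):
    """'Drivers (Whitelisted)' -> 'Drivers', 'Accounts:' -> 'Accounts'."""
    return re.sub(r"\s*\(Whitelisted\)|:", "", banner).strip()


def triage(log_text):
    """Return {category: [(section, detail), ...]} for one FRST log."""
    findings = {"attention": [], "missing": [], "unsigned": [],
                "no_publisher": [], "data_dirs": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = section_name(banner.group("name"))
            continue
        if ATTENTION in line:
            findings["attention"].append((section, line.split(ATTENTION)[0].strip()))
        if MISSING.search(line):
            findings["missing"].append((section, line))
        if section in ("Services", "Drivers"):
            svc = SERVICE.match(line)
            if svc is None:          # explanatory text inside the section, not an entry
                continue
            name, path, vendor = svc.group("name", "path", "vendor")
            if svc.group("unsigned"):
                findings["unsigned"].append((section, name))
            if vendor == "":         # FRST prints "()" when the file carries no publisher
                findings["no_publisher"].append((section, name))
            if DATA_DIRS.search(path):
                findings["data_dirs"].append((section, name))
        elif section == "Registry" and DATA_DIRS.search(line):
            findings["data_dirs"].append((section, line))   # autorun into a profile dir
    return findings


def report(findings):
    """Render the findings as the short list you would paste in a reply."""
    lines = []
    for category, hits in findings.items():
        if hits:
            lines.append(f"{category} ({len(hits)})")
            lines.extend(f"  [{section}] {detail}" for section, detail in hits)
    return "\n".join(lines)


# Sample input, modelled on the format of the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File

========================== Services (Whitelisted) =================

S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 catchme; \??\C:\Users\Ronaldo\AppData\Local\Temp\catchme.sys [X]
U1 eabfiltr; No ImagePath
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSvix86.sys [180272 2007-08-15] (Symantec Corporation)
"""

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

The `Policy restriction` hits are the ones to read first: they sit under `HKLM\SOFTWARE\Policies\...`, which is where unwanted software locks a browser's search and start-page settings so the user cannot change them back, and FRST marks them precisely because Group Policy is rarely in use on a home PC. The `data_dirs` list will always contain some legitimate software, so treat it as a list to check, not a list to delete.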
#3 comptman

comptman
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:02:25 AM

Posted 28 July 2015 - 07:38 PM

Okay, thanks for helping me with this issue, Oh My!

I hope you will be patient with me since this laptop belongs to my mother, who can be demanding and wants things fixed right away, which I informed her this may take some time. I have read your reply and I hope I will give everything to you the best I can, so here goes.

Attached is the zip of the sysinfo.

Here is the FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-07-2015
Ran by Ronaldo (administrator) on RONALDO-PC (28-07-2015 20:21:22)
Running from C:\Users\Ronaldo\Desktop
Loaded Profiles: Ronaldo (Available Profiles: Ronaldo)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-747272092-508780791-1629408846-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-747272092-508780791-1629408846-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-747272092-508780791-1629408846-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {D5BA47E8-9799-47EE-A7B8-F142CFA6B57E} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn13\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24] (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll [2008-02-25] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2009-09-19] (Yahoo! Inc)
Toolbar: HKLM - Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24] (Symantec Corporation)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{93ECC281-9FDE-4376-A411-B1A4EBCD3074}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ronaldo\AppData\Roaming\Mozilla\Firefox\Profiles\v3bmvji1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-12-15] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\system32\npdeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-14] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Ronaldo\AppData\Roaming\Mozilla\Firefox\Profiles\v3bmvji1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-04]
FF HKU\S-1-5-21-747272092-508780791-1629408846-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR Profile: C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-17]
CHR Extension: (Google Drive) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-17]
CHR Extension: (YouTube) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-17]
CHR Extension: (Adblock Plus) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-18]
CHR Extension: (Google Search) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-17]
CHR Extension: (Google Wallet) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
CHR Extension: (Gmail) - C:\Users\Ronaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [243064 2007-08-23] (Symantec Corporation)
S2 ccEvtMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-25] (Symantec Corporation)
S2 ccSetMgr; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-25] (Symantec Corporation)
S2 CLTNetCnService; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-25] (Symantec Corporation)
S3 Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 comHost; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [55640 2007-08-22] (Symantec Corporation)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3192184 2007-08-23] (Symantec Corporation)
S2 LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [149864 2007-08-25] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S2 Panasonic Local Printer Service; C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
S2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [271760 2007-12-19] ()
S2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112016 2007-12-19] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1245064 2008-02-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CO_Mon; C:\Windows\system32\drivers\CO_Mon.sys [36056 2007-08-08] (Symantec Corporation)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSvix86.sys [180272 2007-08-15] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVENG.SYS [81232 2007-11-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20071105.016\NAVEX15.SYS [865904 2007-11-05] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [446512 2007-08-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [278576 2007-07-31] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-07-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-07-31] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [123952 2008-02-25] (Symantec Corporation)
S3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
S3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [31280 2007-08-09] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [22320 2007-08-13] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188464 2007-08-13] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Ronaldo\AppData\Local\Temp\catchme.sys [X]
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 20:21 - 2015-07-28 20:21 - 00015458 _____ C:\Users\Ronaldo\Desktop\FRST.txt
2015-07-28 20:20 - 2015-07-28 20:21 - 00000000 ____D C:\FRST
2015-07-28 20:20 - 2015-07-28 20:16 - 01650688 _____ (Farbar) C:\Users\Ronaldo\Desktop\FRST.exe
2015-07-28 20:19 - 2015-07-28 20:19 - 01734402 _____ C:\Users\Ronaldo\Desktop\sysinfo.nfo
2015-07-25 19:14 - 2015-07-25 19:14 - 00009117 _____ C:\Users\Ronaldo\Desktop\hijackthis.log
2015-07-25 19:14 - 2015-07-25 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ronaldo\Desktop\HijackThis.exe
2015-07-25 18:40 - 2015-07-25 18:40 - 00142824 _____ C:\Windows\Minidump\Mini072515-03.dmp
2015-07-25 18:07 - 2015-07-25 18:07 - 00142824 _____ C:\Windows\Minidump\Mini072515-02.dmp
2015-07-25 11:25 - 2015-07-25 18:40 - 00000000 ____D C:\Windows\Minidump
2015-07-25 11:25 - 2015-07-25 18:39 - 252659485 _____ C:\Windows\MEMORY.DMP
2015-07-25 11:25 - 2015-07-25 11:25 - 00142824 _____ C:\Windows\Minidump\Mini072515-01.dmp
2015-07-25 03:18 - 2015-07-25 03:18 - 00016288 _____ C:\ComboFix.txt
2015-07-25 02:31 - 2015-07-25 03:18 - 00000000 ____D C:\Qoobox
2015-07-25 02:31 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-25 02:31 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-25 02:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-25 02:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-25 02:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-25 02:31 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-25 02:31 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-25 02:31 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-25 02:09 - 2015-07-25 01:42 - 05633622 ____R (Swearware) C:\Users\Ronaldo\Desktop\ComboFix.exe
2015-07-25 02:05 - 2015-07-25 02:05 - 00004734 _____ C:\Users\Ronaldo\Desktop\Rkill.txt
2015-07-25 02:04 - 2015-07-25 02:04 - 00003622 _____ C:\Users\Ronaldo\Desktop\JRT.txt
2015-07-25 01:55 - 2015-07-25 01:55 - 00000000 ____D C:\Users\Ronaldo\Desktop\RON
2015-07-25 01:14 - 2015-07-25 01:14 - 00000000 ____D C:\Windows\pss
2015-07-24 21:10 - 2015-07-25 10:54 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-24 21:10 - 2015-07-24 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-24 21:10 - 2015-07-24 21:10 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-24 21:10 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-24 21:10 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-21 10:45 - 2015-07-21 10:48 - 09542733 _____ C:\Users\Ronaldo\Downloads\Phil Malta(1).mp4
2015-07-21 03:01 - 2015-07-14 12:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 03:01 - 2015-07-14 10:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 03:11 - 2015-07-03 12:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:11 - 2015-06-24 22:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:10 - 2015-06-17 12:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:10 - 2015-06-17 11:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:10 - 2015-06-12 12:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:05 - 2015-05-31 04:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:03 - 2015-06-27 12:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:03 - 2015-06-27 12:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:03 - 2015-06-27 12:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:03 - 2015-06-27 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 03:03 - 2015-06-27 10:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:03 - 2015-06-27 10:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:03 - 2015-06-12 09:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:03 - 2015-01-08 20:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 00:09 - 2015-07-03 01:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 00:09 - 2015-07-03 01:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 00:09 - 2015-06-16 21:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 00:09 - 2015-06-16 21:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 00:09 - 2015-06-16 21:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 00:09 - 2015-06-16 21:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 00:09 - 2015-06-16 21:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 00:09 - 2015-06-16 21:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 00:09 - 2015-06-16 21:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 00:09 - 2015-06-16 21:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 00:09 - 2015-06-16 21:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 00:09 - 2015-06-16 21:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 00:09 - 2015-06-16 21:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-28 20:19 - 2006-11-02 06:33 - 01649766 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-28 20:14 - 2010-03-06 00:25 - 00001356 _____ C:\Users\Ronaldo\AppData\Local\d3d9caps.dat
2015-07-25 18:14 - 2008-05-25 04:51 - 01522899 _____ C:\Windows\WindowsUpdate.log
2015-07-25 18:13 - 2012-07-19 11:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-25 18:07 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 18:07 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 18:07 - 2006-11-02 08:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-25 10:55 - 2013-10-17 22:09 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 10:54 - 2014-05-16 03:29 - 00015172 _____ C:\Windows\PFRO.log
2015-07-25 03:15 - 2006-11-02 06:23 - 00000215 _____ C:\Windows\system.ini
2015-07-25 02:58 - 2006-11-02 09:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-25 02:30 - 2014-04-18 21:10 - 00000000 ____D C:\Windows\erdnt
2015-07-25 01:56 - 2008-12-29 01:41 - 00000000 ____D C:\Users\Ronaldo
2015-07-25 01:43 - 2014-04-18 20:14 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Ronaldo\Desktop\JRT.exe
2015-07-25 01:16 - 2014-04-18 20:21 - 00000000 ____D C:\AdwCleaner
2015-07-24 22:21 - 2008-05-25 05:05 - 00000279 _____ C:\Users\Public\Documents\hpqp.ini
2015-07-24 21:36 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Provisioning
2015-07-24 21:10 - 2013-05-24 10:03 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-24 21:10 - 2013-05-24 10:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-24 09:17 - 2013-10-17 22:10 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 00:23 - 2011-10-27 21:33 - 00000000 ____D C:\Users\Ronaldo\AppData\Roaming\HpUpdate
2015-07-21 03:21 - 2006-11-02 08:47 - 00400664 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-19 00:57 - 2013-07-17 20:33 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 03:09 - 2008-12-29 03:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 03:00 - 2012-07-19 11:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 03:00 - 2011-10-27 21:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-05 10:24 - 2014-04-18 21:36 - 00006408 _____ C:\Windows\setupact.log
2015-07-03 08:49 - 2006-11-02 06:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2014-03-25 23:07 - 2014-03-25 23:08 - 0000316 _____ () C:\Users\Ronaldo\AppData\Roaming\aps.uninstall.scan.results
2014-03-25 23:10 - 2014-03-25 23:10 - 0005265 _____ () C:\Users\Ronaldo\AppData\Roaming\callbanner.png
2009-01-01 17:22 - 2009-01-01 17:35 - 0007887 _____ () C:\Users\Ronaldo\AppData\Roaming\pcouffin.cat
2009-01-01 17:22 - 2009-01-01 17:35 - 0001144 _____ () C:\Users\Ronaldo\AppData\Roaming\pcouffin.inf
2009-01-01 17:23 - 2009-01-01 17:35 - 0000033 _____ () C:\Users\Ronaldo\AppData\Roaming\pcouffin.log
2009-01-01 17:22 - 2009-01-01 17:35 - 0047360 _____ (VSO Software) C:\Users\Ronaldo\AppData\Roaming\pcouffin.sys
2009-07-27 13:19 - 2010-03-31 16:38 - 0000070 _____ () C:\Users\Ronaldo\AppData\Roaming\wklnhst.dat
2008-12-30 03:11 - 2008-12-30 03:11 - 0000000 _____ () C:\Users\Ronaldo\AppData\Local\AtStart.txt
2013-12-27 21:36 - 2013-12-27 21:36 - 0000552 _____ () C:\Users\Ronaldo\AppData\Local\d3d8caps.dat
2010-03-06 00:25 - 2015-07-28 20:14 - 0001356 _____ () C:\Users\Ronaldo\AppData\Local\d3d9caps.dat
2011-11-28 22:14 - 2013-12-27 21:35 - 0010752 _____ () C:\Users\Ronaldo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-30 03:11 - 2008-12-30 03:11 - 0000000 _____ () C:\Users\Ronaldo\AppData\Local\DSwitch.txt
2008-12-30 03:11 - 2008-12-30 03:11 - 0000000 _____ () C:\Users\Ronaldo\AppData\Local\QSwitch.txt
2013-05-23 23:53 - 2013-05-23 23:53 - 2250054 _____ () C:\ProgramData\1.bmp
2013-05-23 23:53 - 2013-05-23 23:53 - 0430954 _____ () C:\ProgramData\1.jpg
2008-12-29 03:31 - 2008-12-29 03:31 - 0000370 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-26 19:06

==================== End of log ============================

Here is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Ronaldo at 2015-07-28 20:22:24
Running from C:\Users\Ronaldo\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-747272092-508780791-1629408846-500 - Administrator - Disabled)
Guest (S-1-5-21-747272092-508780791-1629408846-501 - Limited - Disabled)
Ronaldo (S-1-5-21-747272092-508780791-1629408846-1000 - Administrator - Enabled) => C:\Users\Ronaldo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
BlackBerry Device Manager 7.0 (HKLM\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-747272092-508780791-1629408846-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
VirtualDJ 8 (HKLM\...\{64E6E45E-3583-4D2D-8C35-5BD2B4890AC5}) (Version: 8.0.2305.0 - Atomix Productions)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{326787D9-37B9-47A6-B539-EE13E7B04B8B}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{82D1C283-A637-4A07-B1EC-8C7AE661EAF1}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManagerps.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-747272092-508780791-1629408846-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgrPs.dll (Research In Motion Limited)

==================== Restore Points =========================

21-05-2015 23:58:21 Windows Update
28-05-2015 23:30:51 Language Pack Removal
29-05-2015 00:05:07 Language Pack Removal
04-06-2015 17:12:46 Windows Update
07-06-2015 21:40:14 Windows Update
09-06-2015 23:50:40 Scheduled Checkpoint
10-06-2015 03:01:54 Windows Update
10-06-2015 03:58:10 Language Pack Removal
13-06-2015 00:05:28 Installed VirtualDJ 8
27-06-2015 20:54:42 Windows Update
27-06-2015 23:58:04 Language Pack Removal
29-06-2015 00:04:42 Scheduled Checkpoint
30-06-2015 01:47:40 Language Pack Removal
01-07-2015 10:11:05 Windows Update
05-07-2015 01:46:46 Windows Update
05-07-2015 01:56:28 Language Pack Removal
05-07-2015 23:56:40 Language Pack Removal
09-07-2015 00:31:26 Language Pack Removal
10-07-2015 07:10:48 Language Pack Removal
14-07-2015 23:48:54 Language Pack Removal
15-07-2015 00:07:34 Windows Update
15-07-2015 03:01:17 Windows Update
17-07-2015 08:53:10 Language Pack Removal
17-07-2015 18:51:33 Language Pack Removal
19-07-2015 00:41:37 Scheduled Checkpoint
19-07-2015 00:42:45 Windows Update
21-07-2015 03:01:01 Windows Update
21-07-2015 03:37:04 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2015-07-25 03:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {193F0AAC-F1AC-4FE6-9325-376B33A94D56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {22253291-DB81-4CF9-A082-CF6C57830058} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-17] (Google Inc.)
Task: {4C7B7AC7-FF38-4A10-9A0B-292301B76819} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {5CB957A9-78D2-4AB3-929B-E7084817151C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5D0AC0DD-0367-4ED2-B1C8-CEF809A9B647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-17] (Google Inc.)
Task: {7B29147F-E97B-4464-8DFE-19560793DAF1} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {9B0494FB-C12B-4CEF-B859-500CAB67BFE8} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {D3AB8D46-E7C5-41E7-87F6-FD2283B65DFF} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {E57613DE-B45B-4D2C-95BB-1B161DF76622} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-09-28] ()
Task: {F512FCC8-1E19-411B-9C99-B236C1A79212} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {F61ED425-7E6D-4A63-81C3-8AAD8CCC06FF} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ronaldo => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {F93E47AF-F686-4339-88CF-EF216C4AA722} - System32\Tasks\DTReg => C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {FC867CF8-B4B1-41DC-B8BC-F467BF71E040} - System32\Tasks\Microsoft\Windows\RestartManager\{7DA23F1F-089F-4972-9BEA-FC4A7C61E640} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AC9C6AC1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-747272092-508780791-1629408846-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HPSplash.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ccApp => "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: isCfgWiz => "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MAAgent => C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
MSCONFIG\startupreg: OnScreenDisplay => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
MSCONFIG\startupreg: Panasonic Device Manager for Multi-Function Station software => C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
MSCONFIG\startupreg: Panasonic IP Address Checker for Multi-Function Station software => C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
MSCONFIG\startupreg: Panasonic LPD Manager => C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
MSCONFIG\startupreg: Panasonic PCFAX for Multi-Function Station software => C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QlbCtrl => %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: SMSERIAL => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
MSCONFIG\startupreg: SMSTray => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
MSCONFIG\startupreg: WAWifiMessage => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D55DC8E9-709A-4D16-A452-7CBBD4762706}] => (Allow) C:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{9F65A5E2-A226-40D4-94FC-9604BD237E1A}] => (Allow) C:\Program Files\HP\QuickPlay\QP.exe
FirewallRules: [{EBB60FE5-EB44-4940-AF96-2A4938C1F531}] => (Allow) C:\Program Files\HP\QuickPlay\QPService.exe
FirewallRules: [{5361CCDB-2CC2-4B82-8F3E-F3AD0B42ECFF}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{4DE899E9-C81C-4129-8E59-A950DF93CD2E}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [TCP Query User{B6567E6D-B1E9-4396-850D-B5C2E99B2EAF}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{FF6C2111-8B07-43EB-BEFE-3064F4E46E39}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{74ED5061-3862-414D-837C-3D982DB04CF2}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6271F154-446F-4781-98CE-F17F65CAAFDB}] => (Allow) svchost.exe
FirewallRules: [{FDBD7D7E-8405-4BB4-B8FA-CD48D34DC69E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{F6A468AA-DF17-4938-9E52-7DE68A727592}] => (Allow) LPort=80
FirewallRules: [{44B2860B-C5C2-42E9-996A-295AF7A48304}] => (Allow) LPort=80
FirewallRules: [{53EA9A6D-8CF8-4FE6-8FAD-4721376CC534}] => (Allow) LPort=80
FirewallRules: [TCP Query User{6FFC79B9-0E62-40A8-B490-A966B497FD12}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{CDEFCEC9-AB4B-4BD7-99B0-3D8AC9A248C6}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{B78A40BA-3B98-4134-9EE0-A86538BAA409}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{D209458A-2A57-4D94-9B0C-604822905C54}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [{A1BB125B-7C47-400B-9296-2E65C598AED9}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{40BDDF5B-CF5F-41BA-8668-CECB6ED5C5E4}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{FFDE5AC2-457B-461E-B680-7A7E76D703DB}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{86728E7E-6982-4BB0-B6E1-E33198DC2863}] => (Allow) LPort=2869
FirewallRules: [{C503AC62-9A08-48A4-A09B-0E2D49BAAD7C}] => (Allow) LPort=1900
FirewallRules: [{6FA5D11B-8B9B-41E5-8E77-CEBC25F88C73}] => (Allow) C:\Windows\system32\pccmflpd.exe
FirewallRules: [{2D417E19-7611-4F5B-B694-2866AFA8167B}] => (Allow) C:\Windows\system32\pccmflpd.exe
FirewallRules: [{F44DD904-2028-418E-BF91-665D630B6729}] => (Allow) C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
FirewallRules: [{8F0F0BD0-0BB0-4D9E-96C8-3A4781DE42BE}] => (Allow) C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
FirewallRules: [{D58F4D9E-FFF9-49E8-942A-D16699D57B8A}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1DCF8E43-236F-4DFF-9187-1684A5FDA55E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10F22D79-420C-4F7C-BEE7-A9E376BC2790}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0CC970D0-FC61-4675-BC90-F19CB06FEBEA}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2015 08:12:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 08:12:07 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/26/2015 11:27:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (07/25/2015 06:44:43 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:44:43 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:44:40 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/25/2015 06:44:40 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:44:40 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:41:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2015 06:41:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
SRTSPX
SYMTDI
tdx
Wanarpv6
ws2ifsl

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network ConnectionsNetwork Store Interface Service%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IP HelperNetwork Store Interface Service%%1068

Error: (07/28/2015 08:12:46 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068


Microsoft Office:
=========================
Error: (07/28/2015 08:12:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 08:12:07 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/26/2015 11:27:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (07/25/2015 06:44:43 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:44:43 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:44:40 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (07/25/2015 06:44:40 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:44:40 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 2354616

Error: (07/25/2015 06:41:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2015 06:41:18 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


CodeIntegrity Error:
===================================
  Date: 2015-07-28 20:22:14.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:14.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:13.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:13.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:12.808
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:12.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:11.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:22:11.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:21:38.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-28 20:21:37.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 20%
Total physical RAM: 3061.68 MB
Available physical RAM: 2433.34 MB
Total Virtual: 6325.64 MB
Available Virtual: 5965.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.26 GB) (Free:112.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.62 GB) (Free:2.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (ROGERS) (Removable) (Total:0.12 GB) (Free:0.1 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2E729D28)
Partition 1: (Active) - (Size=221.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 122.5 MB) (Disk ID: 0026111E)
Partition 1: (Active) - (Size=123 MB) - (Type=06)

==================== End of log ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • Gender:Male
  • Location:California
  • Local time:11:25 PM

Posted 28 July 2015 - 07:55 PM

I completely understand. We will do the best we can to speed things along.

Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-747272092-508780791-1629408846-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\Users\Ronaldo\AppData\Local\Temp\catchme.sys [X]
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {4C7B7AC7-FF38-4A10-9A0B-292301B76819} - \VisualBeeRecovery No Task File 
Task: {F93E47AF-F686-4339-88CF-EF216C4AA722} - System32\Tasks\DTReg => C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AC9C6AC1
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uploading Minidump Files

--------------------
  • Press the Windows Key + E at the same time then navigate to the following location:

C:\WINDOWS\Minidump

  • If they exist, upload the last 3 most recently dated files here
  • Notify me on the post when the files have been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Uploaded Minidump files
  • Update on computer startup

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
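The fix above is driven by a fixlist: the helper reads the FRST log, picks out the entries worth acting on (the lines FRST marks with an ATTENTION arrow, plus the two alternate data streams), and pastes them into fixlist.txt for FRST to process. As an added example, not code from FRST or from anyone in this thread, the following Python script parses the FRST log format quoted here and performs that selection step automatically. The sample log is constructed from lines quoted earlier in this thread; treating every entry in the Alternate Data Streams section as reviewable is an assumption of this example that mirrors the helper's choice above, not a rule of the tool.

```python
"""Triage an FRST scan log: group entries by section and pull out the ones to review."""
import re
from typing import Dict, List

# Section headers look like "==================== Name ====================".
# The name must be separated from the '=' runs by whitespace, so pure '====' rules don't match.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")

# FRST flags entries with "<==== ATTENTION"; the helper's fixlist uses a longer arrow,
# so accept any run of '=' between '<' and ATTENTION.
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")

# Assumption of this example (not an FRST rule): sections whose every entry is worth a look
# even without a marker, matching how the helper included both ADS lines in the fixlist.
REVIEW_WHOLE_SECTION = {"Alternate Data Streams (Whitelisted)"}

# Constructed sample in the shape of the FRST log quoted in this thread.
SAMPLE_LOG = r"""==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {193F0AAC-F1AC-4FE6-9325-376B33A94D56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {4C7B7AC7-FF38-4A10-9A0B-292301B76819} - \VisualBeeRecovery No Task File <==== ATTENTION
Task: {F93E47AF-F686-4339-88CF-EF216C4AA722} - System32\Tasks\DTReg => C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AC9C6AC1
"""


def parse_sections(log_text: str) -> Dict[str, List[str]]:
    """Map each '==== Name ====' header to the entry lines beneath it.

    Blank lines and FRST's parenthesised explanatory notes are skipped,
    as is anything before the first section header.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line or line.startswith("("):
            continue
        sections[current].append(line)
    return sections


def flagged_entries(log_text: str) -> List[str]:
    """Return entries FRST marked with ATTENTION, plus all entries of always-review sections."""
    found: List[str] = []
    for name, entries in parse_sections(log_text).items():
        for entry in entries:
            if ATTENTION_RE.search(entry) or name in REVIEW_WHOLE_SECTION:
                found.append(entry)
    return found


def build_fixlist(log_text: str) -> List[str]:
    """Produce fixlist.txt lines: the flagged entries with the ATTENTION marker stripped."""
    return [ATTENTION_RE.sub("", entry) for entry in flagged_entries(log_text)]


if __name__ == "__main__":
    for line in build_fixlist(SAMPLE_LOG):
        print(line)
```

The fixlog posted below shows FRST processing lines both with and without the marker, so stripping it is a matter of tidiness rather than correctness. The output of build_fixlist is only a starting point: each candidate line still needs the same human judgement the helper applied, since FRST will act on whatever is pasted into fixlist.txt.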

#5 comptman

comptman
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Canada
  • Local time:02:25 AM

Posted 28 July 2015 - 09:25 PM

Okay, here is the Fixlog information:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-07-2015
Ran by Ronaldo at 2015-07-28 22:03:33 Run:1
Running from C:\Users\Ronaldo\Desktop
Loaded Profiles: Ronaldo (Available Profiles: Ronaldo)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-747272092-508780791-1629408846-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\Users\Ronaldo\AppData\Local\Temp\catchme.sys [X]
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {4C7B7AC7-FF38-4A10-9A0B-292301B76819} - \VisualBeeRecovery No Task File
Task: {F93E47AF-F686-4339-88CF-EF216C4AA722} - System32\Tasks\DTReg => C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AC9C6AC1
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-747272092-508780791-1629408846-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
catchme => service removed successfully.
eabfiltr => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C7B7AC7-FF38-4A10-9A0B-292301B76819}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C7B7AC7-FF38-4A10-9A0B-292301B76819}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBeeRecovery" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F93E47AF-F686-4339-88CF-EF216C4AA722}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F93E47AF-F686-4339-88CF-EF216C4AA722}" => key removed successfully.
C:\Windows\System32\Tasks\DTReg => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg" => key removed successfully.
"C:\Users\Ronaldo\AppData\Roaming\DefaultTab\DefaultTab" => File/Folder not found.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully..
C:\ProgramData\TEMP => ":AC9C6AC1" ADS removed successfully..


The system needed a reboot.

==== End of Fixlog 22:03:34 ====

I have posted the Minidump files in the suggested posting area.

As for the startup of the computer, it actually was able to start up and I am able to manoeuvre on the desktop without the mouse going to a bubble. I will put the item back in msconfig to start up again unless this is a problem.


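The fixlog above removes four kinds of leftovers that adware commonly plants on a home PC: browser policy keys (HKLM\SOFTWARE\Policies\Google and the Internet Explorer policy keys, which lock home page, search and extension settings so the user cannot change them back), a local Group Policy store under System32\GroupPolicy, scheduled tasks whose executable sits under the user's AppData, and alternate data streams (ADS) on C:\ProgramData\TEMP. The PowerShell script below is an added example, not part of this thread and not FRST's own code; it re-audits those same locations after the reboot so a helper can confirm nothing was re-created by a surviving component. It assumes Windows PowerShell 2.0 or later (an optional update on Vista) run from an elevated prompt as the affected user, and deliberately uses schtasks and dir /r rather than the newer Get-ScheduledTask and -Stream parameters, which Vista does not have. HKCU is used in place of the SID-specific HKU path in the fixlog; they are the same hive when run as that user.

```powershell
# Added example (not from the thread or FRST): re-check the persistence
# locations that the FRST fix above cleaned. Assumes Windows PowerShell 2.0+
# running elevated on the affected machine, logged on as the affected user.

$findings = @()

function Add-Finding([string]$Kind, [string]$Detail) {
    $script:findings += New-Object PSObject -Property @{ Kind = $Kind; Detail = $Detail }
}

# 1. Browser policy keys. Normal on a domain-joined or managed machine;
#    on a stand-alone home PC they almost always mean adware has pinned
#    the home page / search provider or blocked extension removal.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $subkeys = @(Get-Item $key) + @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($sub in $subkeys) {
        if ($sub.Property.Count -eq 0) { Add-Finding 'Policy' $sub.Name; continue }
        foreach ($valueName in $sub.Property) {
            Add-Finding 'Policy' ("{0}\{1} = {2}" -f $sub.Name, $valueName, $sub.GetValue($valueName))
        }
    }
}

# 2. Local Group Policy store. A GPT.ini or Machine\ folder here on a
#    home PC is what FRST reported as "Group Policy on Chrome detected".
foreach ($gp in @("$env:windir\System32\GroupPolicy\GPT.ini",
                  "$env:windir\System32\GroupPolicy\Machine",
                  "$env:windir\System32\GroupPolicy\User")) {
    if (Test-Path $gp) { Add-Finding 'LocalGPO' $gp }
}

# 3. Scheduled tasks whose action lives under a user profile (AppData, Temp).
#    schtasks exists on Vista; Get-ScheduledTask does not. With /v the CSV
#    header can repeat per task folder, so drop rows that are just the header.
#    These are leads, not verdicts: some legitimate per-user installs
#    (for example Chrome on Vista) also run from AppData.
$tasks = schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
         Where-Object { $_.TaskName -ne 'TaskName' }
foreach ($t in $tasks) {
    $action = $t.'Task To Run'
    if ($action -match '\\AppData\\|\\Temp\\|\\Users\\[^\\]+\\') {
        Add-Finding 'Task' ("{0} => {1}" -f $t.TaskName, $action)
    }
}

# 4. Alternate data streams under ProgramData, where the fixlog found two on
#    the TEMP folder. "dir /r" lists named streams as "name:stream:$DATA" on
#    every Windows version, so parse that output. Zone.Identifier streams are
#    benign (they mark downloaded files); anything else deserves a look.
$adsPattern = '^\s*[\d,]+\s+(?<file>[^:]+):(?<stream>[^:]+):\$DATA\s*$'
cmd /c dir /r /a $env:ProgramData 2>$null | ForEach-Object {
    if ($_ -match $adsPattern -and $matches.stream -ne 'Zone.Identifier') {
        Add-Finding 'ADS' ("{0}:{1}" -f $matches.file, $matches.stream)
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No leftovers found in the locations the fix touched.'
} else {
    $findings | Sort-Object Kind | Format-Table Kind, Detail -AutoSize
}
```

Run it from an elevated PowerShell prompt after the reboot; an empty result means the policy keys, local GPO files, AppData-based tasks and non-Zone.Identifier streams the fix removed have not come back. Findings in the Task category should be checked against known software before anything is deleted.
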

#6 comptman (Topic Starter)

Posted 28 July 2015 - 09:29 PM

There is an X item on the taskbar; when I clicked on it the mouse just went to the bubble and the system is now frozen. When I put the cursor on the taskbar it goes to a circle bubble and just sits there.



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:25 PM

Posted 28 July 2015 - 09:45 PM

OK, this is what I would like you to do next.

===================================================

Using VGA Driver in Normal Mode

--------------------
  • Click the Windows key + R at the same time
  • Type msconfig and hit Enter
  • Click the Boot tab (for XP click BOOT.INI)
  • Place a check mark in Base video, then click OK
  • Restart your computer
  • Your screen resolution will look different as if it was in Safe Mode, that is normal
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • How does the computer perform?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 comptman (Topic Starter)

Posted 28 July 2015 - 11:02 PM

Okay, I put it to Base video. "Check your computer security" came up again with a red X on the taskbar. When I hover over it, it shows as Windows Security Alerts. When I click on an item on the desktop the mouse just goes to a circle and it freezes.



#9 Oh My! (Malware Response Instructor)

Posted 29 July 2015 - 09:00 AM

Thank you. You can reverse the Base Video steps.

Please take a screen shot of the Security Alert window and attach it to your reply. In addition, run these for me.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached screen shot
  • ESET log
  • RogueKiller log

Gary

#10 comptman (Topic Starter)

Posted 29 July 2015 - 04:27 PM

Well, doing these instructions is not easy; when the system is booted up it just freezes. Can I run RogueKiller in Safe Mode, and also ESET antivirus (though that needs internet access)? It seems when I boot up the laptop in Safe Mode with network access, after a while it also freezes up. Any suggestions?



#11 Oh My! (Malware Response Instructor)

Posted 29 July 2015 - 05:08 PM

Are you able to take a screen shot of the Windows Security Alert?
Gary

#12 comptman (Topic Starter)

Posted 29 July 2015 - 05:22 PM

No. I tried using the Snipping Tool, and when I try to save the file the system freezes up. I tried doing a Print Screen, and when I try to paste it into Paint it freezes.



#13 comptman (Topic Starter)

Posted 29 July 2015 - 05:23 PM

The only way of getting out of it is doing a hard reset of the laptop by shutting the power off; I cannot even get Task Manager up to see what tasks are running.



#14 Oh My! (Malware Response Instructor)

Posted 29 July 2015 - 05:52 PM

Are you currently experiencing any issues while in Safe Mode?
Gary

#15 comptman (Topic Starter)

Posted 29 July 2015 - 05:57 PM

The security message or X does not come up in Safe Mode. I did try to run RogueKiller, but it did not work; I think it needs the internet to create the report.

