Infected with JS/Worm


  • This topic is locked
54 replies to this topic

#1 seastone123

  • Members
  • 39 posts

Posted 30 July 2015 - 06:24 AM

I run AVG anti-virus, and it continues to notify me of multiple JS/Worm and other JS/ viruses that it cannot seem to "heal." I've received help in the "Am I Infected?" forum, and I was sent over here after I have continued to have issues. You can read the backstory and what was done so far here: http://www.bleepingcomputer.com/forums/t/583870/multiple-js-viruses-found-on-avg-unable-to-heal/
 
Here's the FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2015
Ran by Luke (administrator) on LUKE_LAPTOP (30-07-2015 07:04:09)
Running from C:\Users\Luke\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Bradford Networks) C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
( ) C:\Windows\System32\lxcrcoms.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
() C:\Toshiba\IVP\ISM\pinger.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
() C:\Toshiba\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(Chicony) C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
() C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
() C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [413696 2007-05-22] (Chicony)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [49168 2006-12-03] (UPEK Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-08-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-27] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] => NDSTray.exe
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115816 2007-01-10] (Symantec Corporation)
HKLM\...\Run: [nppCfgWiz] => C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe [534152 2007-01-12] (Symantec Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [lxcrmon.exe] => C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [291760 2007-01-11] ()
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [963976 2010-12-20] (Malwarebytes Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598912 2015-05-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_51\bin\jusched.exe"
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll [2006-12-03] (UPEK Inc.)
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-18] (Google Inc.)
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\...\Run: [Google Update] => C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-30] (Google Inc.)
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\Luke\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 8fe0e8c0411347d6a224d14a3c5bec37-3443f0525c04127f60267d75348361231adcb89c --CMPID ROC_APR2013_AV --CMPI (the data entry has 11 more characters).
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\...\Run: [AVG-Secure-Search-Update_0715av] => C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe [2579344 2015-07-07] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [143360 2007-11-06] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2008-08-03]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Protector Suite QL\farchns.dll [2006-12-03] (UPEK Inc.)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Protector Suite QL\farchns.dll [2006-12-03] (UPEK Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> {730DE9D1-4495-4185-AFBE-FE35880B07C5} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> {0E5B3808-904D-425A-B911-F5E853C4BA15} URL = http://www.dealio.com/products.html?kwd={searchTerms}
SearchScopes: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> {8691A1B7-BFDE-4A21-A1B6-02D1A049DB40} URL = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-24] (Symantec Corporation)
BHO: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21] (Threat Expert Ltd.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-23] (RealPlayer)
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
BHO: Yahoo! IE Services Button -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12] (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)
BHO: Google Gears Helper -> {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23] (Google Inc.)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-24] (Symantec Corporation)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21] (Threat Expert Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-21] (Threat Expert Ltd.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_51-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll [2015-05-19] (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-08-29] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B17B6973-598F-45E9-81D4-EFA32880138D}: [DhcpNameServer] 10.20.70.8
Tcpip\..\Interfaces\{CCD36850-42BB-4C40-8044-CFD8C47309E3}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\5hs539a2.default-1430423417145
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-21] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-10-01] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [2010-10-23] ( )
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2008-08-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2008-08-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2008-08-23] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-2338171971-2819180464-160824893-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Luke\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2338171971-2819180464-160824893-1000: @talk.google.com/O1DPlugin -> C:\Users\Luke\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2338171971-2819180464-160824893-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-2338171971-2819180464-160824893-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmusicn.dll [2008-04-02] (Musicnotes, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-06-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008-10-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2008-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2008-08-23] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPSibelius.dll [2008-09-10] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2007-04-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2008-09-10] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Luke\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Luke\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2008-08-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox [2010-03-06]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-09]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2013-01-01]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2015-05-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-10-01] (Apple Inc.)
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554616 2007-01-31] (Symantec Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5176832 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [198616 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 BNPagent; C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe [2653576 2007-06-21] (Bradford Networks)
R2 Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [112592 2010-01-21] (Threat Expert Ltd.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-15] (TOSHIBA CORPORATION) [File not signed]
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-10] (Symantec Corporation)
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [643072 2007-03-06] (Intel Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [181784 2007-09-24] (WildTangent, Inc.)
S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1862144 2007-11-06] (Google) [File not signed]
S2 gupdate1c9865f7df73d60; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-04-30] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2975352 2007-01-31] (Symantec Corporation)
R2 lxcr_device; C:\Windows\system32\lxcrcoms.exe [537520 2006-12-11] ( )
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2012-10-30] (Nitro PDF Software)
R2 pinger; C:\Toshiba\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-03-06] (Intel Corporation) [File not signed]
S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [365280 2009-12-09] (PC Tools)
S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1141712 2010-01-18] (PC Tools)
R2 Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
R3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174664 2007-11-06] (Symantec Corporation)
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [47712 2007-01-05] (Symantec Corporation)
R2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-09-19] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142600 2015-05-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [26504 2015-05-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [25352 2015-05-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19976 2015-05-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250632 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [43272 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [34184 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Cdr4_xp; C:\Windows\system32\Drivers\Cdr4_xp.sys [2432 2006-10-04] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\Windows\system32\Drivers\Cdralw2k.sys [2560 2006-10-04] (Sonic Solutions) [File not signed]
R2 CWMonitor; C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys [38752 2007-01-12] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [387384 2007-01-10] (Symantec Corporation)
S4 KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION) [File not signed]
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [207280 2009-09-23] (PC Tools)
R3 QIOMem; C:\Windows\System32\DRIVERS\QIOMem.sys [8192 2007-04-09] (TOSHIBA)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [417592 2007-01-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2007-11-06] (Symantec Corporation)
S3 US122; C:\Windows\System32\Drivers\US122.sys [131968 2007-08-29] (Frontier Design Group, LLC)
S3 US122DL; C:\Windows\System32\Drivers\US122DL.sys [18304 2007-08-29] (Frontier Design Group)
S3 Us122WdmService; C:\Windows\System32\Drivers\US122Wdm.sys [39168 2007-08-29] (Frontier Design Group, LLC)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-04-16] (Chicony Electronics Co., Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 07:04 - 2015-07-30 07:05 - 00029242 _____ C:\Users\Luke\Desktop\FRST.txt
2015-07-30 07:03 - 2015-07-30 07:04 - 00000000 ____D C:\FRST
2015-07-30 07:02 - 2015-07-30 07:02 - 01673728 _____ (Farbar) C:\Users\Luke\Desktop\FRST.exe
2015-07-29 22:42 - 2015-07-29 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-29 07:16 - 2015-07-29 07:16 - 00000000 ____D C:\Windows\Sun
2015-07-29 07:15 - 2015-07-29 07:10 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-29 07:09 - 2015-07-29 07:15 - 00000000 ____D C:\ProgramData\Oracle
2015-07-29 07:06 - 2015-07-29 07:06 - 00562784 _____ (Oracle Corporation) C:\Users\Luke\Downloads\jxpiinstall(1).exe
2015-07-29 06:53 - 2015-07-29 06:54 - 00124678 _____ C:\Users\Luke\Desktop\results.bmp
2015-07-28 20:48 - 2015-07-29 06:40 - 00000000 ____D C:\KVRT_Data
2015-07-28 20:43 - 2015-07-28 20:47 - 99974816 _____ (Kaspersky Lab ZAO) C:\Users\Luke\Downloads\KVRT.exe
2015-07-25 20:48 - 2015-07-30 06:55 - 00000520 _____ C:\Windows\Tasks\AVG_SYS_TASK_0715av.job
2015-07-25 20:48 - 2015-07-30 06:55 - 00000406 _____ C:\Windows\Tasks\AVG_SYS_TASK_0715av_DELETE.job
2015-07-25 20:48 - 2015-07-25 20:48 - 00000000 ____D C:\ProgramData\Avg_Update_0715av
2015-07-23 20:16 - 2015-07-23 20:16 - 00000490 _____ C:\Users\Luke\Desktop\eset.txt
2015-07-23 14:41 - 2015-07-23 14:41 - 00000000 ____D C:\Program Files\ESET
2015-07-23 14:39 - 2015-07-23 14:40 - 02870984 _____ (ESET) C:\Users\Luke\Desktop\esetsmartinstaller_enu.exe
2015-07-23 14:35 - 2015-07-23 14:35 - 00001597 _____ C:\Users\Luke\Desktop\JRT.txt
2015-07-23 14:16 - 2015-07-23 14:16 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Luke\Desktop\JRT.exe
2015-07-23 14:05 - 2015-07-23 14:09 - 00000000 ____D C:\AdwCleaner
2015-07-23 14:03 - 2015-07-23 14:03 - 02248704 _____ C:\Users\Luke\Desktop\AdwCleaner.exe
2015-07-23 14:00 - 2015-07-23 14:00 - 00037438 _____ C:\Users\Luke\Downloads\Result1.txt
2015-07-23 13:56 - 2015-07-23 14:01 - 00037515 _____ C:\Users\Luke\Downloads\Result.txt
2015-07-23 13:55 - 2015-07-23 13:55 - 00892928 _____ (Farbar) C:\Users\Luke\Downloads\MiniToolBox.exe
2015-07-23 13:10 - 2015-07-23 13:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-23 11:55 - 2015-07-23 11:55 - 00000634 _____ C:\Windows\PFRO.log
2015-07-21 15:03 - 2015-07-21 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 07:02 - 2006-11-02 06:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 06:58 - 2007-12-19 22:52 - 01157695 _____ C:\Windows\WindowsUpdate.log
2015-07-30 06:55 - 2010-03-20 12:32 - 00000000 ____D C:\ProgramData\TEMP
2015-07-30 06:55 - 2009-06-30 22:11 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-30 06:55 - 2006-11-02 09:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-30 06:55 - 2006-11-02 08:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-30 06:55 - 2006-11-02 08:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 22:55 - 2006-11-02 09:01 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-29 22:43 - 2011-03-15 10:16 - 00000000 ____D C:\ProgramData\MFAData
2015-07-29 22:42 - 2011-10-09 23:16 - 00000853 _____ C:\Users\Public\Desktop\AVG 2012.lnk
2015-07-29 22:36 - 2011-03-15 10:23 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2015-07-29 07:14 - 2007-11-06 16:50 - 00000000 ____D C:\Program Files\Java
2015-07-29 07:13 - 2008-07-31 00:50 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-29 07:10 - 2009-06-30 22:20 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338171971-2819180464-160824893-1000UA.job
2015-07-29 07:10 - 2009-06-30 22:11 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 06:58 - 2009-01-14 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-07-29 06:41 - 2010-03-20 12:12 - 00000000 ____D C:\Users\Luke\Desktop\spywareremove
2015-07-29 06:31 - 2013-05-01 18:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-23 15:10 - 2009-06-30 22:20 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338171971-2819180464-160824893-1000Core.job
2015-07-23 14:12 - 2013-04-22 16:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-23 13:41 - 2013-12-14 22:09 - 00001982 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 15:19 - 2013-05-01 18:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-21 15:19 - 2011-05-31 08:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-21 15:19 - 2008-03-23 14:55 - 00000000 ____D C:\Users\Luke\AppData\Local\Adobe
2015-07-21 15:03 - 2015-04-30 16:06 - 00001922 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-21 15:03 - 2015-04-30 16:06 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Files in the root of some directories =======

2009-10-15 00:34 - 2009-10-15 00:34 - 0000118 _____ () C:\Users\Luke\AppData\Roaming\wklnhst.dat
2010-03-20 11:48 - 2010-03-20 12:01 - 0010722 ___SH () C:\Users\Luke\AppData\Local\2tOwNf7N
2008-08-11 21:25 - 2011-03-14 12:03 - 0000680 _____ () C:\Users\Luke\AppData\Local\d3d9caps.dat
2008-03-23 01:28 - 2011-03-14 12:03 - 0031232 _____ () C:\Users\Luke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-03-20 11:48 - 2010-03-20 12:01 - 0010722 ___SH () C:\ProgramData\2tOwNf7N
2008-09-13 00:29 - 2008-09-13 00:29 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Luke\AppData\Local\temp\Quarantine.exe
C:\Users\Luke\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-30 07:01

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015
Ran by Luke (2015-07-30 07:06:25)
Running from C:\Users\Luke\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2338171971-2819180464-160824893-500 - Administrator - Disabled)
Guest (S-1-5-21-2338171971-2819180464-160824893-501 - Limited - Disabled)
Luke (S-1-5-21-2338171971-2819180464-160824893-1000 - Administrator - Enabled) => C:\Users\Luke

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2012 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2012 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AIM 6 (HKLM\...\AIM_6) (Version: - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Any Video Converter 2.6.3 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
AppCore (Version: 1 - Symantec Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}) (Version: 2.1.1.13 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Artweaver 0.5 (HKLM\...\{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1) (Version: 0.5.7 - Artweaver)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2258 - AVG Technologies)
AVG 2012 (Version: 12.0.4311 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2258 - AVG Technologies) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.14(T) - )
Bonjour (HKLM\...\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}) (Version: 1.0.105 - Apple Inc.)
Browser Defender 2.0.6.15 (HKLM\...\Browser Defender_is1) (Version: 2.0.6.15 - Threat Expert Ltd.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.141.0522 - Chicony Electronics Co.,Ltd.)
ccCommon (Version: 106.2.0.21 - Symantec) Hidden
CCleaner (remove only) (HKLM\...\CCleaner) (Version: - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.01.03 - TOSHIBA)
Client Security Agent (HKLM\...\{4C3E62EC-C74A-42C1-8E7F-F26B56EF9573}) (Version: 1.6.1 - Bradford Networks)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version: - )
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.3 - Ulead Systems, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
EverNote (HKLM\...\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}) (Version: 2.2.1.386 - EverNote)
Free Mp3 Wma Converter V 1.7.3 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: - Koyote Soft)
GIMP 2.4.5 (HKLM\...\WinGimp-2.0_is1) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Gears (HKLM\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToMeeting 4.0.0.320 (HKU\S-1-5-21-2338171971-2819180464-160824893-1000\...\GoToMeeting) (Version: - )
GRE POWERPREP (HKLM\...\GRE POWERPREP) (Version: - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)
iTunes (HKLM\...\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}) (Version: 8.0.1.11 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Jasc Paint Shop Pro 9 (HKLM\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Lexmark 2400 Series (HKLM\...\Lexmark 2400 Series) (Version: - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version: - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.43 - Symantec Corporation)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
mCore (Version: 9.09.0000 - Intel Corporation) Hidden
mHelp (Version: 9.09.0000 - Intel) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mMHouse (Version: 9.09.0000 - Intel Corporation) Hidden
MozBackup 1.4.7 (HKLM\...\MozBackup_is1) (Version: - Pavel Cvrcek)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)
Mozilla Thunderbird (2.0.0.19) (HKLM\...\Mozilla Thunderbird (2.0.0.19)) (Version: 2.0.0.19 (en-US) - Mozilla)
mPfMgr (Version: 9.09.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicnotes Player V1.23.1 (HKLM\...\Musicnotes Player_is1) (Version: 1.23.1 - Musicnotes Inc.)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.8.1.4 - Napster)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
NBC Direct Beta (HKLM\...\{7A647B7A-9FE7-44A2-9041-C04528D44EB9}) (Version: 1.0.0.32218 - ExtendMedia Inc.)
Norton Confidential (Symantec Corporation) (HKLM\...\SymSetup.{9EBA63B6-63CC-4BE1-8615-A27DA45BCAAF}) (Version: 1.5.1.8 - Symantec Corporation)
Norton Confidential (Version: 1.0.0 - Symantec Corporation) Hidden
Norton Confidential (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Confidential Browser Component (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Confidential Crimeware Component (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Confidential MS redistributables (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Confidential Web Authentification Component (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Password Manager (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Personal Privacy (Version: 1.5.1.8 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.3.0.5 - Symantec Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.2.5 - EXP Systems LLC)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - Photodex Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PrintMusic! 2002 (HKLM\...\PrintMusic! 2002) (Version: - )
Protector Suite QL 5.6 (HKLM\...\{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}) (Version: 5.6.0.3284 - UPEK Inc.)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2009 (HKLM\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.1.29 - Intuit)
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5473 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
Safari (HKLM\...\{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}) (Version: 3.525.21.0 - Apple Inc.)
Sibelius Scorch (Firefox, Opera, Netscape only) (HKLM\...\{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA}) (Version: 5.2.1 - Sibelius Software)
SPBBC 32bit (Version: 3.2.0.21 - Symantec Corporation) Hidden
Spyware Doctor 7.0 (HKLM\...\Spyware Doctor) (Version: 7.0 - PC Tools)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.34.0.1000 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.1.0.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.00.33 - TOSHIBA)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.0.8 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.10.13 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.43 - WildTangent)
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{8B81CF96-0223-40E9-B6E7-1461F450B605}) (Version: 2.01.01.00 - TOSHIBA)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.1 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD03) - Agere Systems)
TOSHIBA Software Upgrades (HKLM\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{49B85E35-3C56-4420-9A0A-D125348A2D7F}) (Version: 2.01.01.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.0.28 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
US122 Driver 3.40 (HKLM\...\US122 Driver_is1) (Version: 3.40 - Frontier Design Group, LLC)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.0.3.2 - Walmart.com)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Yahoo! Browser Services (HKLM\...\Yahoo! Extras) (Version: - )
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.2.131.27\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Windows\system32\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{64AB4DAA-69A2-40ae-9ED2-98C56490FCFA}\InprocServer32 -> C:\Program Files\EverNote\EverNote\DesktopSearch\engds.dll (EverNote Corporation)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1}\InprocServer32 -> C:\Windows\system32\TosBtShell.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\320\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

30-06-2013 12:11:48 Installed Java 7 Update 25
26-07-2013 12:44:27 Scheduled Checkpoint
27-07-2013 20:47:42 Scheduled Checkpoint
07-08-2013 18:45:38 Scheduled Checkpoint
09-08-2013 00:00:03 Scheduled Checkpoint
10-08-2013 17:27:54 Scheduled Checkpoint
02-09-2013 15:05:54 Scheduled Checkpoint
19-10-2013 11:46:34 Scheduled Checkpoint
20-10-2013 00:00:06 Scheduled Checkpoint
21-10-2013 00:00:07 Scheduled Checkpoint
23-11-2013 20:20:50 Scheduled Checkpoint
24-01-2014 12:09:17 Scheduled Checkpoint
25-01-2014 11:15:33 Installed Java 7 Update 51
01-02-2014 19:08:22 Scheduled Checkpoint
23-07-2015 14:24:29 JRT Pre-Junkware Removal
29-07-2015 05:17:08 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-03-22 23:11 - 2011-03-14 16:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A2F024-DE54-4DD0-87DC-0B1F1454225B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
Task: {0E5E45E3-350D-4491-98C4-74BDA523A85C} - System32\Tasks\AVG_SYS_TASK_0715av_DELETE => C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe [2015-07-07] ()
Task: {1CA5E07B-4380-41E0-A169-39F13D508246} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Luke => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-19] (Microsoft Corporation)
Task: {6C063372-660D-4147-AB9A-2B2D8D1EEE05} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2007-08-31] (Microsoft Corporation)
Task: {6EA066AC-E23F-4CAF-85F3-989627CD521D} - System32\Tasks\AVG_SYS_TASK_0715av => C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe [2015-07-07] ()
Task: {80C5A767-905B-47FC-A6A4-F7A6EC98925F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2338171971-2819180464-160824893-1000Core => C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
Task: {81E50A61-E3EB-4C70-8E21-E9594CB77239} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {932E20F5-97F9-4579-B5F3-97A56804C876} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-21] (Adobe Systems Incorporated)
Task: {E1206BB0-1BE3-4CB5-90E2-9E5C3A228D67} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2338171971-2819180464-160824893-1000UA => C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
Task: {F87806AD-129D-4D1F-AC69-77B4DA6332BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0715av.job => C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0715av_DELETE.job => C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338171971-2819180464-160824893-1000Core.job => C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2338171971-2819180464-160824893-1000UA.job => C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{55ED046F-4482-4A8F-A1BF-DA8C80441318}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2006-10-17 21:13 - 2006-10-17 21:13 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2007-03-06 20:40 - 2007-03-06 20:40 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2008-09-30 12:04 - 2008-01-19 03:35 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2009-09-14 21:09 - 2006-11-22 09:51 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL
2009-09-14 21:09 - 2006-11-22 10:05 - 00012288 _____ () C:\Program Files\Lexmark Fax Solutions\FxCtrStr.dll
2009-09-14 21:09 - 2006-11-22 09:49 - 00032768 _____ () C:\Program Files\Lexmark Fax Solutions\ipcmt.dll
2007-07-01 13:50 - 2007-07-01 13:50 - 00064976 _____ () C:\Windows\System32\PDFreDirectMonNT.dll
2013-03-14 22:01 - 2011-02-28 18:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
2009-09-14 21:15 - 2006-11-27 03:50 - 00117760 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxcrpp5c.dll
2010-03-20 12:35 - 2010-01-21 19:21 - 00767952 _____ () C:\Windows\BDTSupport.dll
2007-11-06 16:31 - 2007-01-25 22:47 - 00136816 _____ () C:\Toshiba\IVP\ISM\pinger.exe
2007-11-06 16:31 - 2007-10-23 20:27 - 00066928 _____ () c:\Toshiba\IVP\swupdate\swupdtmr.exe
2008-06-12 00:10 - 2008-06-12 00:10 - 00016768 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll
2015-07-25 20:48 - 2015-07-07 05:22 - 02579344 _____ () C:\ProgramData\Avg_Update_0715av\AVG-Secure-Search-Update_0715av.exe
2007-09-13 19:11 - 2007-09-13 19:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2009-09-14 21:09 - 2007-01-11 14:57 - 00291760 _____ () C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
2009-09-14 21:09 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files\Lexmark 2400 Series\lxcrscw.dll
2009-09-14 21:09 - 2005-12-29 11:34 - 00143360 _____ () C:\Program Files\Lexmark 2400 Series\lxcrdrec.dll
2007-12-19 23:24 - 2007-05-17 20:03 - 04813312 _____ () C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
2005-07-23 01:30 - 2005-07-23 01:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll
2004-10-14 14:18 - 2004-10-14 14:18 - 00040960 _____ () C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll
2008-06-12 00:00 - 2008-06-12 00:00 - 00237568 _____ () C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\Users\Luke\Downloads\07_JPN-Nats_Fumie_SP.avi:TOC.WMV

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2338171971-2819180464-160824893-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AcctMgr => "C:\Program Files\Common Files\Symantec Shared\coShared\CIM\1.5\AcctMgr.exe" /startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LXCRCATS => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{7D6D1647-EDB5-439E-981D-86950D63B8C5}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E84DC677-DF03-4601-9445-D6B06828A214}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A4D748E5-CC7E-41E7-8533-1DC81B9CC252}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{AC252DC1-43EF-4649-BC11-C7BFD485F1B3}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{10900442-BB57-432F-9980-77E8D9BAB0B8}] => (Allow) C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
FirewallRules: [{AF49C07B-BFB0-4645-B26B-B4910465D878}] => (Allow) C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe
FirewallRules: [TCP Query User{A375EFC6-AA94-473E-B4C0-A033FBEF2C0B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{7849F268-74F6-429A-8CD9-C62099381609}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7AC108DE-93A4-419F-85B7-41F96B0E7145}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{50D42E7A-AE96-4CAA-91AC-BF12BF147A02}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{5FAAC36B-55D5-42B5-9970-D52C52BBBAF9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F5B3BAE9-063A-46B3-BCB7-DE052F8F882A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BD4A108A-F42B-4BF2-BF8F-1BEE22532269}C:\program files\aim6\aim6.exe] => (Allow) C:\program files\aim6\aim6.exe
FirewallRules: [UDP Query User{D9B23BCA-BBB9-462C-B2D7-7638EAC0D95C}C:\program files\aim6\aim6.exe] => (Allow) C:\program files\aim6\aim6.exe
FirewallRules: [{5AFDCD3B-77E0-4A5C-AE06-EE9C3D5BC8E3}] => (Allow) LPort=56328
FirewallRules: [{C6FF9678-F7B9-4BF4-8670-EE14194D7F91}] => (Allow) C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
FirewallRules: [{41725FDD-A1F1-495F-B303-3338CEF8A4FA}] => (Allow) C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
FirewallRules: [{6BCE445F-A987-442D-9634-FC7D5BCBA081}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9608F064-AF61-4C5F-84B8-A439F74C9809}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{88A2F7F5-D3B9-4DBA-8BF4-1260C02E6648}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{39884E79-36B9-4917-9785-DD1A62B45A3B}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{0F18F57B-536B-4691-853E-6EBB05A3BCDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B89F70E0-FB83-4AFD-A70B-7143A2F2D529}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{14FEA800-2760-4D82-B6F8-43456CEE0E24}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BA1F154D-00CD-408A-912B-44D19A646209}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{80ED99A2-C2B0-4575-824F-AB84A1C26498}] => (Allow) C:\Windows\System32\lxcrcoms.exe
FirewallRules: [{53A28192-A40C-4E78-9D8A-11A15AF114BF}] => (Allow) C:\Windows\System32\lxcrcoms.exe
FirewallRules: [{B7274A89-7E3D-446B-B791-7CCE07104EE7}] => (Allow) C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
FirewallRules: [{A5266101-2B8C-478C-974D-B7AB1B9798DC}] => (Allow) C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
FirewallRules: [{8AB5F742-6CC6-4962-931F-A73EA80300B9}] => (Allow) C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe
FirewallRules: [{BE5CDDFA-8AC4-4860-9E58-0841558E2B4E}] => (Allow) C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe
FirewallRules: [TCP Query User{8B3CA3CF-3235-4CF5-A702-B369D174CF03}C:\program files\aim6\aim6.exe] => (Allow) C:\program files\aim6\aim6.exe
FirewallRules: [UDP Query User{727F2B17-966B-407A-8134-9E5EF77889B6}C:\program files\aim6\aim6.exe] => (Allow) C:\program files\aim6\aim6.exe
FirewallRules: [{D6CD2B80-63D2-463D-B756-AC70B1321DFE}] => (Allow) LPort=80
FirewallRules: [{D13E42E0-436D-449F-AC69-21C3CA56E2F1}] => (Allow) LPort=80
FirewallRules: [{B4BE736A-AEBC-4FDF-92A1-B8A2D42288CA}] => (Allow) LPort=80
FirewallRules: [{665F9E6A-2CE7-4C3C-A4C1-B24DFF58A6A1}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{BBCC477E-F231-4CEE-BD3F-C9F5C0DF7DCB}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{4D9C4A86-9C98-42C0-9838-8DF6C4E0F2AC}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{E7744EBD-36B2-4A41-B9E3-1083F239600D}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{E23CAC21-3046-4A81-918A-18FFB74A3640}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F3340042-0587-48E6-8AA4-270D1832BEAF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{28228BC1-B512-4599-9F18-350CEB37A729}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{DC4B6DEC-BF54-4090-B9A5-962770A1C89B}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{46849A9D-AC30-4A5B-BCDD-A0C7C11A875D}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{67175736-BA5C-420A-96E1-37448FCCEC99}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{6C1F662F-E1A9-4A56-ADCD-A3C95A264722}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{6061AB1F-1AC2-4034-98AC-160F47B08E7E}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{F8817327-8F38-4C21-9DAB-1ADD5C2AC314}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe] =>
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
StandardProfile\AuthorizedApplications: [C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe] =>

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 10:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgtray.exe, version 12.0.0.2226, time stamp 0x50aa3d57, faulting module avgcorex.dll, version 14.0.0.3697, time stamp 0x52ebf349, exception code 0xc0000005, fault offset 0x00017f61,
process id 0xfe8, application start time 0xavgtray.exe0.

Error: (07/29/2015 10:40:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgtray.exe, version 12.0.0.2226, time stamp 0x50aa3d57, faulting module avgscanx.dll_unloaded, version 0.0.0.0, time stamp 0x54d04096, exception code 0xc0000005, fault offset 0x6af28ab0,
process id 0xfe8, application start time 0xavgtray.exe0.

Error: (07/29/2015 05:17:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (07/29/2015 05:17:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (07/23/2015 02:24:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (07/23/2015 02:24:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (07/23/2015 02:16:35 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LUKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5HS539A2.DEFAULT-1430423417145\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/23/2015 02:16:35 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LUKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5HS539A2.DEFAULT-1430423417145\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/23/2015 02:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LUKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5HS539A2.DEFAULT-1430423417145\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/23/2015 02:09:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\LUKE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\5HS539A2.DEFAULT-1430423417145\SAFEBROWSING> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/30/2015 06:56:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/30/2015 06:55:16 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/29/2015 10:54:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

Error: (07/29/2015 10:53:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/29/2015 10:53:00 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/29/2015 10:50:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (07/28/2015 08:41:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (07/28/2015 08:40:57 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/25/2015 08:50:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\IWMSSvc.dll

Error: (07/25/2015 08:50:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\IWMSSvc.dll


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-07-30 07:05:16.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:16.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:16.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:15.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:15.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:15.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:14.932
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:05:14.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:04:51.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-07-30 07:04:50.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 54%
Total physical RAM: 2037.68 MB
Available physical RAM: 923.59 MB
Total Virtual: 4312.65 MB
Available Virtual: 2873.84 MB

==================== Drives ================================

Drive c: (SQ004587V02) (Fixed) (Total:231.42 GB) (Free:136.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 2D9136DD)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=231.4 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by Oh My!, 01 August 2015 - 07:58 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:22 PM

Posted 01 August 2015 - 08:05 PM

Greetings seastone123 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows logo key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> {0E5B3808-904D-425A-B911-F5E853C4BA15} URL = http://www.dealio.com/products.html?kwd={searchTerms}
Toolbar: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Luke\AppData\Local\temp\Quarantine.exe
C:\Users\Luke\AppData\Local\temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.2.131.27\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\Users\Luke\Downloads\07_JPN-Nats_Fumie_SP.avi:TOC.WMV
Folder: C:\Users\Luke\AppData\Local\2tOwNf7N
Folder: C:\ProgramData\2tOwNf7N
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 01 August 2015 - 09:25 PM

Thank you so much for your response! I won't be able to run the fix etc. for a couple of days (probably Tuesday). I very much appreciate your time, and I certainly will post back to this thread when I have completed your recommended steps. (I'm about to be without Internet connection for a couple of days, but I will be leaving the infected computer shut down/turned off.) Thanks again for your help so far, and I look forward to resolving the issue.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:07:22 PM

Posted 01 August 2015 - 09:37 PM

You are welcome and I really appreciate the heads up. See you when you are ready.
Gary

#5 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 04 August 2015 - 05:54 PM

Here's the FRST fix log:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015
Ran by Luke (2015-08-04 18:12:36) Run:1
Running from C:\Users\Luke\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> {0E5B3808-904D-425A-B911-F5E853C4BA15} URL = http://www.dealio.com/products.html?kwd={searchTerms}
Toolbar: HKU\S-1-5-21-2338171971-2819180464-160824893-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Luke\AppData\Local\temp\Quarantine.exe
C:\Users\Luke\AppData\Local\temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.2.131.27\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\Users\Luke\Downloads\07_JPN-Nats_Fumie_SP.avi:TOC.WMV
Folder: C:\Users\Luke\AppData\Local\2tOwNf7N
Folder: C:\ProgramData\2tOwNf7N
emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E5B3808-904D-425A-B911-F5E853C4BA15}" => key removed successfully.
HKCR\CLSID\{0E5B3808-904D-425A-B911-F5E853C4BA15} => key not found.
HKU\S-1-5-21-2338171971-2819180464-160824893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value removed successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => key not found.
McSysmon => service removed successfully.
AppMgmt => service removed successfully.
blbdrive => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
C:\Users\Luke\AppData\Local\temp\Quarantine.exe => moved successfully.
C:\Users\Luke\AppData\Local\temp\sqlite3.dll => moved successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => key removed successfully.
"HKU\S-1-5-21-2338171971-2819180464-160824893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully..
C:\Users\Luke\Downloads\07_JPN-Nats_Fumie_SP.avi => ":TOC.WMV" ADS removed successfully..

========================= Folder: C:\Users\Luke\AppData\Local\2tOwNf7N ========================

 => is not folder

========================= Folder: C:\ProgramData\2tOwNf7N ========================

 => is not folder
EmptyTemp: => 131.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:14:54 ====

 

 

And here's the system summary (attached)

 

 

I'm continuing to have the same issues with the similar results popping up from AVG. Some of them this time, however, were successfully removed to the virus vault. (Before, all of them that were detected were missing/couldn't be healed.) However, another one popped up that was giving me the same "object is missing". Here's a screenshot of a couple that were detected again. (These were ones that were successfully removed to the virus vault.)

 

https://www.flickr.com/photos/133338362@N02/shares/B4q614

 

What should I do next?

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • Gender:Male
  • Location:California

Posted 04 August 2015 - 07:16 PM

Thank you.

This is the first time you have mentioned this. Can you provide more details or even a screen shot if it comes up again?

However, another one popped up that was giving me the same "object is missing"


Please do these things.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Users\Luke\AppData\Local\2tOwNf7N

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
virustotal.jpg

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Object is missing description
  • Virustotal link
  • RogueKiller report

Gary

#7 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts

Posted 04 August 2015 - 08:15 PM

I apologize for the confusion. I think I mentioned that message showing up more in my original post (in the Am I Infected? forum). Here's a screenshot. I believe I misquoted the actual wording, which doesn't help matters!

 

https://flic.kr/p/wDp1am

 

 

Here is the Virustotal link.

 

https://www.virustotal.com/en/file/2e3a200d29c752fcb20f455d545cc3bb6bc5992f904ca7a39f9cefa37f00f1fd/analysis/1438737029/

 

I will post again when I've completed the roguekiller. (I wanted to go ahead and post these items before I lost track of them.)

 

Thanks again!



#8 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts

Posted 04 August 2015 - 08:51 PM

Ok; I'm done! (continuation from my previous post with the extra info and Virustotal link)

 

RogueKiller V10.9.4.0 [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Luke [Administrator]
Started from : C:\Users\Luke\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/04/2015 21:38:37

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] bndaemon.exe(2372) -- C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 9 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (C:\Program Files\AVG\AVG2012\avgssie.dll) -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-2338171971-2819180464-160824893-1000\Software\Microsoft\Windows\CurrentVersion\Run | ROC_ROC_APR2013_AV : C:\Users\Luke\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 8fe0e8c0411347d6a224d14a3c5bec37-3443f0525c04127f60267d75348361231adcb89c --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 [x][x][x][x][x][x][x][x][x][x][x] -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Viewpoint Manager Service ("C:\Program Files\Viewpoint\Common\ViewpointService.exe") -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Viewpoint Manager Service ("C:\Program Files\Viewpoint\Common\ViewpointService.exe") -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2338171971-2819180464-160824893-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B17B6973-598F-45E9-81D4-EFA32880138D} | DhcpNameServer : 10.20.70.8 ([(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B17B6973-598F-45E9-81D4-EFA32880138D} | DhcpNameServer : 10.20.70.8 ([(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B17B6973-598F-45E9-81D4-EFA32880138D} | DhcpNameServer : 10.20.70.8 ([(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{B17B6973-598F-45E9-81D4-EFA32880138D} | DhcpNameServer : 10.20.70.8 ([(Private Address) (XX)])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1    mssplus.mcafee.com

¤¤¤ Antirootkit : 19 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x41e1f48edb000000
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x41e1f48ef7000000
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x41e1f48ceb000000
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x41e1f48bd6000000
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x41e1f48926000000
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x41e1f48907000000
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x41e1f48bf2000000
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x41e1f48ebf000000
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x41e1f48ca4000000
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x41e1f48bba000000
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x41e1f4890e000000
[SSDT:Addr(Hook.SSDT)] NtOpenThreadToken[202] : Unknown @ 0x41e1f48a55000000
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x41e1f48693000000
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x41e1f48a39000000
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x41e1f48a6d000000
[SSDT:Addr(Hook.SSDT)] NtSetInformationThread[306] : Unknown @ 0x41e1f48a1d000000
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x41e1f48b9e000000
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x41e1f48f20000000
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x41e1f48a01000000

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] 81e7cd3007d100c4abecd3d80e1c9b4f
[BSP] 35ecbe757673df1b662cfb5b10113d9d : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 236974 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

 

 

 

 

After it finished, it pulled up a website with this link: http://www.adlice.com/kernelmode-rootkits-part-1-ssdt-hooks/

 

 

Also, what am I supposed to delete? (It told me to go through the tabs, select, and delete)
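
The RogueKiller report mixes items that need a decision (the hosts entry that points a security vendor's host at 0.0.0.1, the SSDT hooks the tool cannot attribute to a module) with items that usually do not (a DHCP-assigned resolver that RogueKiller itself tags as a private address). The Python script below is an added example for this thread, not RogueKiller's code and not from seastone123's post. It splits the report into its ¤¤¤ sections and turns the Processes, Registry, Hosts File and Antirootkit lines into findings with a severity. SAMPLE_REPORT is a constructed, shortened excerpt modelled on the report above; the severity labels and the blackhole/redirect distinction for hosts entries are this example's own conventions.

```python
"""Triage a RogueKiller scan report into reviewable findings.

Added example for this thread; not RogueKiller's own code and not from
the original post.  SAMPLE_REPORT is a constructed, shortened excerpt
modelled on the report posted above.
"""
import ipaddress
import re

SAMPLE_REPORT = r"""
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] bndaemon.exe(2372) -- C:\Program Files\Bradford Networks\Client Security Agent\bndaemon.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 2 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Viewpoint Manager Service ("C:\Program Files\Viewpoint\Common\ViewpointService.exe") -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B17B6973-598F-45E9-81D4-EFA32880138D} | DhcpNameServer : 10.20.70.8 ([(Private Address) (XX)])  -> Found

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1    mssplus.mcafee.com

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x41e1f48926000000
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x41e1f48ca4000000
"""

SECTION = re.compile(r"^¤¤¤ (?P<name>.+?) : .*¤¤¤$")
PROC = re.compile(r"^\[VT\.Unknown\] \S+?\(\d+\) -- (?P<path>.+?)\[\d+\]")
DNS = re.compile(r"^\[PUM\.Dns\] .*NameServer : (?P<servers>[\d. ]+?)\s*\(")
HOSTS = re.compile(r"^\[[^\]]+\]\s+(?P<addr>\S+)\s+(?P<host>\S+)")
SSDT = re.compile(r"^\[SSDT:[^\]]*\] (?P<func>\w+)\[\d+\] : (?P<owner>\S+) @ 0x[0-9a-f]+", re.I)

# A hosts entry pointing at 0.0.0.0/8 or loopback blocks the name rather than
# redirecting it (blocking a vendor's update host is a classic AV-disabling trick).
BLACKHOLE = ipaddress.ip_network("0.0.0.0/8")


def parse_sections(report):
    """Group the report's non-empty lines under their '¤¤¤ Name : N ¤¤¤' headers."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION.match(line)
        if m:
            current = m["name"]
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def hosts_findings(lines):
    out = []
    for m in filter(None, map(HOSTS.match, lines)):
        ip, host = ipaddress.ip_address(m["addr"]), m["host"]
        if host == "localhost" and ip.is_loopback:
            continue  # stock entry, nothing to review
        mode = "blackhole" if (ip in BLACKHOLE or ip.is_loopback) else "redirect"
        out.append({"kind": "hosts_override", "host": host, "address": str(ip),
                    "mode": mode, "severity": "high" if mode == "redirect" else "medium"})
    return out


def dns_findings(lines):
    out = []
    for m in filter(None, map(DNS.match, lines)):
        for server in m["servers"].split():
            # A DHCP-assigned LAN resolver is expected; anything else must be
            # checked against what the network is supposed to hand out.
            private = ipaddress.ip_address(server).is_private
            out.append({"kind": "dns_server", "address": server,
                        "severity": "info" if private else "review"})
    return out


def ssdt_findings(lines):
    unknown = [m["func"] for m in map(SSDT.match, lines) if m and m["owner"] == "Unknown"]
    if not unknown:
        return []
    # Unattributed hooks are a lead, not a verdict: on 32-bit Windows security
    # products hook the SSDT too, so each hook address must be mapped to the
    # loaded driver that owns it before drawing a conclusion.
    return [{"kind": "ssdt_hooks", "count": len(unknown), "functions": unknown,
             "severity": "review"}]


def process_findings(lines):
    # Processes RogueKiller marks VT.Unknown have no VirusTotal record: worth a
    # hash lookup, but no evidence of malice by themselves.
    return [{"kind": "unknown_process", "path": m["path"], "severity": "review"}
            for m in map(PROC.match, lines) if m]


def triage(report):
    s = parse_sections(report)
    return (process_findings(s.get("Processes", []))
            + dns_findings(s.get("Registry", []))
            + hosts_findings(s.get("Hosts File", []))
            + ssdt_findings(s.get("Antirootkit", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

The SSDT entries are reported as a lead rather than a detection on purpose: the 19 hooks in the report above all sit in the same address range, and whether that range belongs to the installed antivirus or to something else is exactly the question the Adlice article the tool opened is about, so the hook addresses need to be attributed before anything is deleted.
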



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • Gender:Male
  • Location:California

Posted 04 August 2015 - 08:57 PM

Thank you, please do this.

===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

aswMBR1.png

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

aswMBR2.png

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log
  • aswMBR log

Gary

#10 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts

Posted 04 August 2015 - 09:14 PM

So, I was able to complete first step, and. I threats were found. However, during the virus scan, I got a blue screen "physical memory dump." I'm restarting my computer. What should I do next? Try the scan again?

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • Gender:Male
  • Location:California

Posted 04 August 2015 - 09:17 PM

Do you recall the name of the threat and yes, run it again.
Gary

#12 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts

Posted 04 August 2015 - 09:18 PM

I'm so sorry. Autocorrect. I meant to say no threats were found. I'll try to run the scan again.

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • Gender:Male
  • Location:California

Posted 04 August 2015 - 09:21 PM

If no threats found no need to run it again. Move onto aswMBR.
Gary

#14 seastone123

seastone123
  • Topic Starter

  • Members
  • 39 posts

Posted 04 August 2015 - 09:26 PM

While I'm waiting for the scan to finish: I was wondering. So far, these infections have felt mostly like a nuisance, but I don't know much about computer viruses/worms. Does it seem like my system has been majorly compromised? Is this a minor infection? How worried should I be?

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • Gender:Male
  • Location:California

Posted 04 August 2015 - 09:29 PM

Don't know yet. Depends on whether or not we get a good identification of the malware.
Gary