unable to install or open and anti virus programs


  • This topic is locked
11 replies to this topic

#1 stoshe2009
Members, 8 posts

Posted 08 November 2015 - 11:30 PM

I got worried about the computer because when I attempt to log in to eBay or Amazon it takes me to a page which looks like an eBay or Amazon page and tells me that there's been a problem with my account and I must enter all my credit card information and social security number, etc. I already knew eBay and Amazon would not ask for something like this, but I cannot access them at all now in any web browser on my computer, so I went and bought a $69 antivirus CD from Kaspersky, which will not do anything, including fully install on my computer. Then my friend told me to go to majorgeeks.com and download an antivirus there, which I did, but it also will not fully download or work. I tried accessing them and downloading them in safe mode but that does not work either.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Valued Customer (administrator) on VALUEDCUSTOM-PC (08-11-2015 23:10:05)
Running from C:\Users\Valued Customer\Downloads
Loaded Profiles: Valued Customer (Available Profiles: Valued Customer)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\ProgramData\taskhost.exe
() C:\ProgramData\igfxext.exe
() C:\ProgramData\ovftool_32.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(AWS Convergence Technologies, Inc.) C:\Program Files\AWS\WeatherBug\Weather.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Spotify Ltd) C:\Users\Valued Customer\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\ProgramData\igfxTray.exe
(Dropbox, Inc.) C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_ActiveX.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [ErrorTeck] => C:\Program Files\ErrorTeck\ErrorTeck.exe [5365032 2012-05-08] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [VnS4eGf6BE79] => regsvr32.exe /s "C:\PROGRA~2\VnS4eGf6BE79.dll"
HKLM\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
HKLM\...\Run: [igfxext] => C:\ProgramData\igfxext.exe [4096 2015-11-03] ()
HKLM\...\Run: [ovftool_32] => C:\ProgramData\ovftool_32.exe [4096 2015-11-06] ()
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [201992 2008-04-25] (Kaspersky Lab)
Winlogon\Notify\klogon: C:\Windows\system32\klogon.dll [2008-04-25] (Kaspersky Lab)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [Weather] => C:\Program Files\AWS\WeatherBug\Weather.exe [1652736 2011-10-05] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [Spotify Web Helper] => C:\Users\Valued Customer\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-11-02] (Spotify Ltd)
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [Facebook Update] => C:\Users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-15] (Facebook Inc.)
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [Dropbox Update] => C:\Users\Valued Customer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-04] (Dropbox, Inc.)
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [Spotify] => C:\Users\Valued Customer\AppData\Roaming\Spotify\Spotify.exe [7736128 2015-11-02] (Spotify Ltd)
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Run: [igfxTray] => C:\ProgramData\igfxTray.exe [4096 2015-11-02] ()
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\MountPoints2: {86f32643-9c85-11dd-a2bf-001d0974d465} - eigp0.cmd
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\MountPoints2: {ba1331a1-ff63-11dd-8635-806e6f6e6963} - msiexec.exe /i kav.en.msi
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\MountPoints2: {e7ee2c56-e8ab-11dd-b0a5-001d098b55fe} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\recycled\sys.exe
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4041770261-1943038687-842637714-1000\$b2a786029926e20f67bfe033ce5b2e17\n.ATTENTION! ====> ZeroAccess?
HKU\S-1-5-18\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-06] ()
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll [79112 2008-04-25] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-08-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D0DFD909-D866-44C2-8BE5-201B0A2697EA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {CFBFAE00-17A6-11D0-99CB-00C04FD64497} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4041770261-1943038687-842637714-1000 -> {601833F3-49CB-4D52-96D0-898E4EF56F30} URL = hxxp://search.avg.com/route/?d=4cde2155&v=6.10.6.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-04-01] (Yahoo! Inc.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-11-26] (RealPlayer)
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-04-25] (Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll [2012-09-20] (Simple Adblock)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-04-01] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-4041770261-1943038687-842637714-1000 -> No Name - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.5.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239820850781
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239822894037
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D2349304-8F9E-4A54-ACF6-0F6104B44209} hxxp://auditor.cuyahogacounty.us/REPI/sketch/Sketch.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2008-06-13] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\s2vk8uq1.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 54242
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @alternatiff.com/AlternaTIFF -> C:\Program Files\MIE\AlternaTIFF\npzzatif.dll [2013-02-05] (Medical Informatics Engineering, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-03-18] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4041770261-1943038687-842637714-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Valued Customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\s2vk8uq1.default\user.js [2013-04-26]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2013-01-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-11-26] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2007-04-16] ()
FF Extension: Yahoo! Toolbar - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\s2vk8uq1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-03-06] [not signed]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\s2vk8uq1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-09-27] [not signed]
FF Extension: Video DownloadHelper - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\s2vk8uq1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-08-25] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared => not found

Chrome:
=======
CHR DefaultSearchKeyword: Default -> java
CHR Profile: C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-31]
CHR Extension: (OpenOffice Writer on rollApp) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefnmlhnadcihhnfplfbmcmodoiannan [2015-05-31]
CHR Extension: (Google Docs) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (FlashBlock) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie [2015-05-31]
CHR Extension: (Google Search) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Java API Search) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphfngjamcomlehblpblaacingmaojnm [2015-05-31]
CHR Extension: (Google Sheets) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-31]
CHR Extension: (Stopwatch) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2015-05-31]
CHR Extension: (Google Docs Offline) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-02]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-03]
CHR Extension: (Awesome File Opener) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphbmanpfjfdngbaamhajooihmjacmfe [2015-06-09]
CHR Extension: (Gmail) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-11-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4948456 2015-05-26] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [201992 2008-04-25] (Kaspersky Lab)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [122320 2015-05-21] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [30672 2015-05-21] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [278992 2015-05-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [159648 2015-07-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [191440 2015-05-26] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-02] (Avanquest Software) [File not signed]
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)
R3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 HPFXFAX; C:\Windows\System32\drivers\hpfxfax.sys [20504 2007-07-16] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2015-08-09] (Malwarebytes Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-06-11] () [File not signed]
U3 a09syuwj; C:\Windows\system32\Drivers\a09syuwj.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 klbg; system32\drivers\klbg.sys [X]
S3 mcdbus; system32\DRIVERS\mcdbus.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-08 23:10 - 2015-11-08 23:10 - 00026351 _____ C:\Users\Valued Customer\Downloads\FRST.txt
2015-11-08 23:08 - 2015-11-08 23:10 - 00000000 ____D C:\FRST
2015-11-08 23:07 - 2015-11-08 23:08 - 01702400 _____ (Farbar) C:\Users\Valued Customer\Downloads\FRST.exe
2015-11-08 11:01 - 2015-11-08 11:01 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Valued Customer\Downloads\iExplore(1).exe
2015-11-07 21:35 - 2015-11-07 21:35 - 00000347 _____ C:\Users\Valued Customer\Desktop\Downloading RKill.mp4
2015-11-07 21:24 - 2015-11-07 21:24 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Valued Customer\Downloads\rkill(1).exe
2015-11-07 21:21 - 2015-11-07 21:21 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Valued Customer\Downloads\rkill.exe
2015-11-07 20:43 - 2015-11-07 20:43 - 00096645 _____ C:\Windows\system32\Drivers\klin.dat
2015-11-07 20:43 - 2015-11-07 20:43 - 00087941 _____ C:\Windows\system32\Drivers\klick.dat
2015-11-07 20:42 - 2015-11-07 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2009
2015-11-07 20:42 - 2015-11-07 20:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-07 20:42 - 2015-11-07 20:42 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-11-07 20:26 - 2015-11-07 20:51 - 00000680 _____ C:\Users\Valued Customer\AppData\Local\d3d9caps.dat
2015-11-07 14:57 - 2015-11-07 14:57 - 00138760 _____ C:\Windows\Minidump\Mini110715-01.dmp
2015-11-06 07:43 - 2015-11-06 07:43 - 00004096 _____ C:\ProgramData\ovftool_32.exe
2015-11-06 07:42 - 2015-11-06 07:42 - 00090112 _____ C:\ProgramData\7B571D05.EX
2015-11-05 12:33 - 2015-11-05 12:33 - 00000000 ____D C:\Users\Valued Customer\dwhelper
2015-11-05 12:33 - 2015-11-05 12:33 - 00000000 _____ C:\Users\Valued Customer\Desktop\Hanson-Middle Of Nowhere-With You In Your Dreams.wmv.mp4
2015-11-03 18:16 - 2015-11-03 18:16 - 00004096 _____ C:\ProgramData\igfxext.exe
2015-11-02 17:33 - 2015-11-02 17:33 - 00004096 _____ C:\ProgramData\igfxTray.exe
2015-11-02 17:32 - 2015-11-02 17:32 - 00005120 _____ C:\ProgramData\1F3670CC.EX
2015-11-02 07:12 - 2015-11-02 07:12 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\CEF
2015-10-31 08:48 - 2015-10-31 08:48 - 00138760 _____ C:\Windows\Minidump\Mini103115-01.dmp
2015-10-19 18:31 - 2015-10-19 18:31 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-14 09:46 - 2015-10-14 09:46 - 00138760 _____ C:\Windows\Minidump\Mini101415-01.dmp
2015-10-09 10:08 - 2015-10-09 10:08 - 00138760 _____ C:\Windows\Minidump\Mini100915-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-08 23:07 - 2006-11-02 07:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-08 23:07 - 2006-11-02 07:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-08 22:52 - 2012-09-10 21:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-08 22:42 - 2015-07-04 08:17 - 00000958 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4041770261-1943038687-842637714-1000UA.job
2015-11-08 22:42 - 2014-08-15 10:46 - 00000968 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4041770261-1943038687-842637714-1000UA.job
2015-11-08 22:42 - 2012-02-22 14:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 22:42 - 2006-11-02 07:52 - 01064751 _____ C:\Windows\WindowsUpdate.log
2015-11-08 11:51 - 2014-08-15 10:46 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4041770261-1943038687-842637714-1000Core.job
2015-11-08 10:33 - 2015-07-04 08:17 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4041770261-1943038687-842637714-1000Core.job
2015-11-08 10:29 - 2013-07-04 16:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-08 10:29 - 2012-08-24 16:30 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-07 21:36 - 2012-08-06 21:26 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\vlc
2015-11-07 21:10 - 2014-07-12 14:41 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\Spotify
2015-11-07 21:04 - 2014-07-12 14:38 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Spotify
2015-11-07 21:04 - 2006-11-02 05:33 - 00703214 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 21:01 - 2012-12-13 22:36 - 00000000 ___RD C:\Users\Valued Customer\Dropbox
2015-11-07 21:01 - 2012-12-13 22:24 - 00000000 ____D C:\Users\Valued Customer\AppData\Roaming\Dropbox
2015-11-07 20:57 - 2009-03-04 15:42 - 00000000 ____D C:\Users\Valued Customer\Tracing
2015-11-07 20:57 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 20:47 - 2006-11-02 08:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-07 14:57 - 2015-10-04 15:07 - 198912638 _____ C:\Windows\MEMORY.DMP
2015-11-07 14:57 - 2012-09-21 19:49 - 00000000 ____D C:\Windows\Minidump
2015-11-05 12:33 - 2008-10-06 14:21 - 00000000 ____D C:\Users\Valued Customer
2015-11-04 16:07 - 2009-03-04 14:50 - 00000420 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2015-11-03 18:17 - 2015-08-25 20:23 - 03550700 _____ C:\Windows\system32\CFG2153861213
2015-11-02 07:12 - 2014-07-12 14:41 - 00001761 _____ C:\Users\Valued Customer\Desktop\Spotify.lnk
2015-11-02 07:12 - 2014-07-12 14:41 - 00001747 _____ C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-10-31 08:52 - 2009-03-06 14:56 - 00000000 ____D C:\Users\Valued Customer\AppData\Local\WeatherBug
2015-10-31 08:48 - 2014-06-08 10:16 - 00014016 _____ C:\Windows\PFRO.log
2015-10-30 06:17 - 2013-06-02 22:23 - 00000000 ____D C:\Users\Valued Customer\AppData\LocalLow\Simple Adblock
2015-10-23 08:00 - 2015-07-31 07:53 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-20 09:56 - 2011-10-18 20:49 - 00760832 _____ C:\Users\Valued Customer\Documents\Postcard_snowplowing.pub
2015-10-16 23:52 - 2015-09-22 19:39 - 03996360 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-10-16 23:52 - 2012-09-10 21:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-16 23:52 - 2011-12-02 17:55 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-09 16:24 - 2014-10-15 20:47 - 00303104 _____ C:\Users\Valued Customer\Documents\Snowplowing contract 2014.pub
2015-10-09 16:17 - 2010-08-03 13:16 - 00000000 ____D C:\Users\Valued Customer\Documents\My Scans

==================== Files in the root of some directories =======

2008-10-17 15:04 - 2008-10-17 15:04 - 0000000 _____ () C:\Users\Valued Customer\AppData\Roaming\AVSDVDPlayer.m3u
2012-09-22 23:38 - 2012-09-22 23:38 - 0168960 _____ () C:\Users\Valued Customer\AppData\Roaming\sedrap.dll
2015-11-07 20:26 - 2015-11-07 20:51 - 0000680 _____ () C:\Users\Valued Customer\AppData\Local\d3d9caps.dat
2009-03-05 20:28 - 2015-07-25 00:38 - 0209920 _____ () C:\Users\Valued Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-02 17:32 - 2015-11-02 17:32 - 0005120 _____ () C:\ProgramData\1F3670CC.EX
2013-02-23 19:39 - 2013-02-23 20:03 - 95023320 ____T () C:\ProgramData\7469271.pad
2015-11-06 07:42 - 2015-11-06 07:42 - 0090112 _____ () C:\ProgramData\7B571D05.EX
2014-03-30 15:25 - 2014-03-30 15:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-10-18 14:33 - 2010-04-09 00:35 - 0001869 _____ () C:\ProgramData\hpzinstall.log
2015-11-03 18:16 - 2015-11-03 18:16 - 0004096 _____ () C:\ProgramData\igfxext.exe
2015-11-02 17:33 - 2015-11-02 17:33 - 0004096 _____ () C:\ProgramData\igfxTray.exe
2015-11-06 07:43 - 2015-11-06 07:43 - 0004096 _____ () C:\ProgramData\ovftool_32.exe
2015-10-06 11:43 - 2015-10-06 11:43 - 0005120 _____ () C:\ProgramData\taskhost.exe
2015-10-06 11:42 - 2015-10-06 11:42 - 0004096 _____ () C:\ProgramData\VnS4eGf6BE79.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4041770261-1943038687-842637714-1000\$b2a786029926e20f67bfe033ce5b2e17

Files to move or delete:
====================
C:\ProgramData\7469271.pad
C:\ProgramData\igfxext.exe
C:\ProgramData\igfxTray.exe
C:\ProgramData\ovftool_32.exe
C:\ProgramData\taskhost.exe
C:\ProgramData\VnS4eGf6BE79.dll


Some files in TEMP:
====================
C:\Users\Valued Customer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpafezqv.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-07 21:08

==================== End of FRST.txt ============================



#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 10 November 2015 - 11:48 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello stoshe2009,

My name is mAL_rEm018, but feel free to call me mAL. I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 11 November 2015 - 01:39 AM

Hello stoshe2009,


Please run the following scans..

RogueKiller

  • Please download RogueKiller and save it to your desktop.
  • Right-click on RogueKiller.exe and select Run as administrator
  • The tool will now start to run a Prescan, wait until it is finished.
  • When the Prescan is over, select Scan.
  • Once the Scan has finished, click on Report.
  • A window entitled Rogue Killer will open, please post the contents in your next reply.
    Do not try to clean anything at this point.

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
 

  • Launch Malwarebytes then click Update Now.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.


-----------------------------------------
In your next reply, I would like to see..

  • Roguekiller log
  • MBAM log
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#4 stoshe2009

stoshe2009
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 11 November 2015 - 08:39 AM

I downloaded RogueKiller. I clicked on it and selected "run as administrator". The program will not launch. If you look at the photo of my desktop (which I made as my profile picture), all those programs that are circled will not launch.



#5 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 11 November 2015 - 10:42 AM

Hello stoshe2009,
 

I downloaded RogueKiller. I clicked on it and selected "run as administrator". The program will not launch.

Please rename RogueKiller.exe to RogueKiller.com. Are you able to launch the program now?


Edited by mAL_rEm018, 11 November 2015 - 10:43 AM.

Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#6 stoshe2009

stoshe2009
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 11 November 2015 - 11:02 AM

I deleted RogueKiller from my desktop. I downloaded it again and named it roguekiller.com. It will not launch. Malwarebytes Anti-Malware will not launch either. I'm not sure if you can see my profile picture, but all these programs have a symbol added to them (by my computer) when they are on my desktop; it is a shield of armor with 4 colors in it.



#7 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 11 November 2015 - 05:17 PM

Hello stoshe2009,

I notice that you tried to run Rkill.exe.  Did you have any success?  If yes, please post the log located in:

C:\rkill.log


If Rkill.exe did not work, please try with the following versions:

Rkill.com
Rkill.scr

  • Right-click on Rkill and select Run as administrator.
  • A command window will appear and disappear once the scan is completed.  This is normal.
  • Once the process is finished a notepad window will appear.  Please copy/paste the contents in your next reply.

-----------------------------------------
In your next reply, I would like to see..

  • Rkill log

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#8 stoshe2009

stoshe2009
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 11 November 2015 - 09:56 PM

Hi, these programs do not launch when downloaded.



#9 stoshe2009

stoshe2009
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 11 November 2015 - 10:10 PM

They don't work, and this time my computer shut off, and when it came back it said this:

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.0.6002.2.2.0.768.3
  Locale ID:    1033

Additional information about the problem:
  BCCode:    50
  BCP1:    CFBAB000
  BCP2:    00000000
  BCP3:    82231B86
  BCP4:    00000000
  OS Version:    6_0_6002
  Service Pack:    2_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini111115-02.dmp
  C:\Users\Valued Customer\AppData\Local\Temp\WER-135408-0.sysdata.xml
  C:\Users\Valued Customer\AppData\Local\Temp\WER318A.tmp.version.txt

Read our privacy statement:
  http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
 



#10 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:44 AM

Posted 12 November 2015 - 11:14 AM

Hello stoshe2009,

There are strong indicators that your computer was compromised by a "Remote Access Infection"...

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4041770261-1943038687-842637714-1000\$b2a786029926e20f67bfe033ce5b2e17\n.ATTENTION! ====> ZeroAccess?

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4041770261-1943038687-842637714-1000\$b2a786029926e20f67bfe033ce5b2e17

CustomCLSID: HKU\S-1-5-21-4041770261-1943038687-842637714-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

Please take the time to read and get acquainted with the following article: Remote Access Infections ... (why you should repave).

Whether you decide to reformat or clean your computer is up to you, but it's important that you make an informed decision.  Let me know what you want to do in your next post and we will proceed accordingly :)

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed
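The two indicators mAL points to above (a COM InprocServer32 handler redirected into $Recycle.Bin, and the publisher-less executables that FRST listed under "Files to move or delete" in the root of C:\ProgramData in the first post) are mechanical checks that can be re-applied to any FRST log. The script below is an added example written for this page; it is not FRST's own logic and not code posted by anyone in this thread. It parses FRST-style lines (the sample input is constructed from lines copied out of the log above) and reports three things: InprocServer32 targets inside $Recycle.Bin, executables with no publisher sitting directly in C:\ProgramData, and, as a constructed watchlist of this example, well-known system binary names found outside C:\Windows. The rule names, the `EXEC_EXT` and `SYSTEM_NAMES` sets, and the `triage` / `rule_counts` helpers are all assumptions of this example.

```python
"""FRST log triage (added example; not FRST's logic, not code from this thread).

Re-applies heuristics visible in the log above:
  1. an InprocServer32 handler whose target lives in $Recycle.Bin
  2. an executable with no publisher directly in the root of C:\\ProgramData
  3. (constructed watchlist) a system binary name found outside C:\\Windows
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: lines copied from the FRST output posted in this thread.
SAMPLE_LOG = r"""
2015-11-02 17:32 - 2015-11-02 17:32 - 0005120 _____ () C:\ProgramData\1F3670CC.EX
2015-11-03 18:16 - 2015-11-03 18:16 - 0004096 _____ () C:\ProgramData\igfxext.exe
2015-11-02 17:33 - 2015-11-02 17:33 - 0004096 _____ () C:\ProgramData\igfxTray.exe
2015-11-06 07:43 - 2015-11-06 07:43 - 0004096 _____ () C:\ProgramData\ovftool_32.exe
2015-10-06 11:43 - 2015-10-06 11:43 - 0005120 _____ () C:\ProgramData\taskhost.exe
2015-10-06 11:42 - 2015-10-06 11:42 - 0004096 _____ () C:\ProgramData\VnS4eGf6BE79.dll
2009-10-18 14:33 - 2010-04-09 00:35 - 0001869 _____ () C:\ProgramData\hpzinstall.log
2014-03-30 15:25 - 2014-03-30 15:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-16 23:52 - 2012-09-10 21:06 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-03 18:17 - 2015-08-25 20:23 - 03550700 _____ C:\Windows\system32\CFG2153861213
HKU\S-1-5-21-4041770261-1943038687-842637714-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-4041770261-1943038687-842637714-1000\$b2a786029926e20f67bfe033ce5b2e17\n.ATTENTION! ====> ZeroAccess?
CustomCLSID: HKU\S-1-5-21-4041770261-1943038687-842637714-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
"""

# "<modified> - <created> - <size> <attrs> [(<publisher>)] <path>" as FRST prints it.
FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# A path under $Recycle.Bin; FRST glues "ATTENTION!" straight onto the path, so stop there too.
RECYCLE_PATH = re.compile(r"([A-Za-z]:\\\$Recycle\.Bin\S*?)(?=ATTENTION!|\s|$)", re.IGNORECASE)

EXEC_EXT = {".exe", ".dll", ".com", ".scr", ".sys"}
# Constructed watchlist (assumption of this example): names that normally live under
# C:\Windows and deserve a second look anywhere else.
SYSTEM_NAMES = {"taskhost.exe", "igfxtray.exe", "igfxext.exe", "svchost.exe", "explorer.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str


def triage(log_text: str) -> List[Finding]:
    """Scan FRST-style lines and return every (rule, path) hit; a line may hit several rules."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Rule 1: a COM in-process handler redirected into the recycle bin.
        if "inprocserver32" in low and "$recycle.bin" in low:
            m = RECYCLE_PATH.search(line)
            findings.append(Finding("inprocserver32_in_recycle_bin", m.group(1) if m else line))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue  # not a file-listing line; ignore
        path = m.group("path").rstrip()
        publisher = (m.group("publisher") or "").strip()
        parent, _, name = path.rpartition("\\")
        ext = name[name.rfind("."):].lower() if "." in name else ""
        # Rule 2: executable with no publisher sitting directly in C:\ProgramData.
        if parent.lower() == r"c:\programdata" and ext in EXEC_EXT and not publisher:
            findings.append(Finding("unsigned_binary_in_programdata_root", path))
        # Rule 3: a well-known system binary name outside C:\Windows.
        if name.lower() in SYSTEM_NAMES and not parent.lower().startswith(r"c:\windows"):
            findings.append(Finding("system_name_outside_windows", path))
    return findings


def rule_counts(findings: List[Finding]) -> Dict[str, int]:
    """How many hits each rule produced, for a quick summary."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:38} {f.path}")
```

On the sample lines the second rule reproduces exactly the five .exe/.dll entries FRST itself listed under "Files to move or delete" (the large .pad file in that list is not an executable and is not caught by an extension check, which is the usual limit of this kind of rule), while hpzinstall.log, Ament.ini and the Adobe-signed Flash binary under System32 are left alone.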


#11 Gary R

Gary R

    MRU Admin


  • Malware Response Team
  • 835 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:44 AM

Posted 15 November 2015 - 11:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




