
Infected with Kuluoz


  • This topic is locked
6 replies to this topic

#1 consigliere1975


Posted 16 February 2016 - 10:47 PM

Good morning -

I ran several antivirus programs and they detected nothing. My NAS antivirus did detect Kuluoz on the OS Mirror, so I can only infer that the trojan is residing in the OS drive. Please help me remove it. Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by Eduardo (administrator) on VAIOPC (16-02-2016 23:07:15)
Running from C:\Documents and Settings\Eduardo\My Documents\Downloads
Loaded Profiles: Eduardo & Administrator (Available Profiles: Eduardo & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\QVssService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
(Sony Corporation) C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
(Sony Corporation) C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\QNAP\Qfinder\Qfinder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2013-10-23] (ATI Technologies Inc.)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A3186F5B-F3F3-4EAF-A1D9-5A1508CCA61A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A3186F5B-F3F3-4EAF-A1D9-5A1508CCA61A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: [DhcpNameServer] 43.134.195.10
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-21-1460116308-3133659490-1814570806-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-21-1460116308-3133659490-1814570806-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1460116308-3133659490-1814570806-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-21-1460116308-3133659490-1814570806-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\ss6153yw.default
FF SelectedSearchEngine: Yahoo
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.10.835 -> C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll [2003-12-04] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1136 -> C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll [2003-12-04] (RealNetworks)
FF Plugin: @real.com/nprpjplug;version=6.0.11.847 -> C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll [2003-12-04] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-06-07] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2014-07-19] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-05-29] (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2014-07-19]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2014-07-19]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\ss6153yw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-07-20] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-14] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2014-07-19]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2014-07-19]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2014-07-19]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2014-07-19]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Eduardo\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Eduardo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-10-13] () [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 ehSched; C:\WINDOWS\ehome\ehSched.exe [84992 2003-11-12] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-11] (Oracle Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 QVssService; C:\Program Files\QNAP\NetBak\QVssService.exe [1618608 2015-02-09] (QNAP Systems, Inc.)
R2 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2003-09-12] (Sony Corporation) [File not signed]
S3 Sony TV Tuner Controller; C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe [118784 2003-08-13] (Sony Corporation) [File not signed]
R3 Sony TV Tuner Manager; C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe [94208 2003-08-13] (Sony Corporation) [File not signed]
R2 Sony TVTA Manager; C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe [106496 2003-08-13] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-MusicServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe [503897 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-MusicServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-MusicServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-PhotoServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe [925696 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-PhotoServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-PhotoServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-VideoServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [1286144 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-VideoServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-VideoServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [163968 2013-10-23] (ATI Technologies Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [245168 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl56327d44; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{654F2882-D14B-4090-822E-562141B49E37}\MpKsl56327d44.sys [39168 2016-02-16] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [681344 2003-11-19] (Creative Technology Ltd.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17232 2003-08-27] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 smrt; C:\WINDOWS\System32\DRIVERS\smrt.sys [772224 2003-12-02] (Sony Corporation)
R0 SonyLSM; C:\WINDOWS\System32\Drivers\SonyLSM.sys [4736 2003-12-19] (Sony Corporation)
S3 HSFHWICH; System32\DRIVERS\HSFHWICH.sys [X]
S3 HSF_DP; System32\DRIVERS\HSF_DP.sys [X]
S4 IntelIde; no ImagePath
S3 QDrive; \??\C:\DOCUME~1\Eduardo\LOCALS~1\Temp\QDrive.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 winachsf; System32\DRIVERS\HSF_CNXT.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-16 23:06 - 2016-02-16 23:07 - 00000000 ____D C:\FRST
2016-02-16 21:35 - 2016-02-16 21:35 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\AVG
2016-02-16 21:33 - 2016-02-16 21:33 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
2016-02-16 21:33 - 2016-02-16 21:33 - 00000000 ____D C:\WINDOWS\LastGood
2016-02-16 21:33 - 2016-02-16 21:33 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\TuneUp Software
2016-02-16 21:33 - 2016-02-16 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-02-16 21:32 - 2016-02-16 21:32 - 00000000 ___HD C:\$AVG
2016-02-16 21:28 - 2016-02-16 21:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-02-16 21:28 - 2016-02-16 21:31 - 00000000 ____D C:\Program Files\AVG
2016-02-16 21:27 - 2016-02-16 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-02-16 21:27 - 2016-02-16 21:35 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\Avg
2016-02-16 21:27 - 2016-02-16 21:29 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\AvgSetupLog
2016-02-16 21:27 - 2016-02-16 21:27 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\MFAData
2016-02-16 21:27 - 2016-02-16 21:27 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\Avg2015
2016-02-10 14:05 - 2016-02-10 14:05 - 00009470 _____ C:\Documents and Settings\Eduardo\My Documents\Digital Storage Manager.xlsx
2016-02-07 16:25 - 2016-02-07 16:25 - 00000098 _____ C:\Documents and Settings\Eduardo\Desktop\storage management.txt
2016-02-06 00:22 - 2016-02-06 00:36 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\HSA Reimbursement
2016-02-04 19:33 - 2016-02-04 19:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Brorsoft
2016-02-04 14:18 - 2016-02-04 14:18 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-02-04 14:16 - 2016-02-04 14:18 - 00109858 _____ C:\WINDOWS\ntbtlog.txt
2016-02-03 09:14 - 2016-02-03 09:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini020316-02.dmp
2016-02-03 01:13 - 2016-02-03 01:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini020316-01.dmp
2016-02-02 12:36 - 2016-02-02 12:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini020216-01.dmp
2016-01-27 22:13 - 2016-01-27 22:18 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-27 22:13 - 2016-01-27 22:13 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2016-01-26 23:44 - 2016-01-27 22:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-01-26 00:13 - 2016-01-26 00:14 - 00000000 ___HD C:\Documents and Settings\Eduardo\_gsdata_
2016-01-22 15:13 - 2016-01-22 15:13 - 00198576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2016-01-22 00:16 - 2016-01-22 07:59 - 00009474 _____ C:\Documents and Settings\Eduardo\My Documents\Network Storage Management.xlsx
2016-01-19 23:27 - 2016-01-19 23:27 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Julieta
2016-01-17 23:12 - 2016-01-17 23:12 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Interesting Stats
2016-01-17 22:21 - 2016-01-17 22:34 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Debt Collection Docs
2016-01-17 21:11 - 2016-02-15 23:27 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Children Rewards System
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-16 23:08 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Temp
2016-02-16 22:37 - 2014-10-22 21:54 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Medical Bills
2016-02-16 22:18 - 2013-10-23 08:35 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-16 21:48 - 2014-11-18 21:43 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Money Exports
2016-02-16 21:33 - 2003-12-03 05:25 - 00000000 ___HD C:\WINDOWS\inf
2016-02-16 14:30 - 2014-09-17 07:18 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\vlc
2016-02-16 14:29 - 2013-10-20 12:34 - 00114688 _____ C:\Documents and Settings\Eduardo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-16 12:18 - 2013-10-23 08:35 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-16 08:43 - 2003-12-03 13:34 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-02-15 21:57 - 2015-09-21 22:03 - 04194392 _____ C:\WINDOWS\pfirewall.log.old
2016-02-14 09:18 - 2003-12-03 13:34 - 00032468 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-14 02:07 - 2014-06-14 11:10 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-02-12 15:16 - 2014-03-20 23:52 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-02-12 11:36 - 2014-08-05 20:26 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\.dvdcss
2016-02-11 09:25 - 2014-07-15 21:22 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\GoodSync
2016-02-10 14:19 - 2013-10-23 08:42 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-10 14:05 - 2013-10-20 12:34 - 00000000 ___RD C:\Documents and Settings\Eduardo\My Documents
2016-02-10 09:39 - 2015-11-27 22:12 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Archive
2016-02-10 09:10 - 2003-12-03 13:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-10 09:10 - 2001-12-31 23:27 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-10 01:44 - 2014-07-13 09:13 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-02-10 01:44 - 2014-07-13 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-02-10 01:44 - 2003-12-03 12:23 - 00000995 _____ C:\WINDOWS\win.ini
2016-02-10 01:42 - 2014-09-22 20:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 01:34 - 2014-09-22 20:10 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 01:30 - 2013-10-20 12:34 - 00000178 ___SH C:\Documents and Settings\Eduardo\ntuser.ini
2016-02-10 01:30 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo
2016-02-08 15:00 - 2001-12-31 23:27 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-02-06 08:31 - 2003-12-03 12:23 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-06 00:05 - 2016-01-14 23:47 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Dependent Care Reimbursement
2016-02-05 23:34 - 2003-12-03 12:24 - 00000209 __RSH C:\boot.ini
2016-02-05 23:34 - 2003-12-03 12:23 - 00000327 _____ C:\WINDOWS\system.ini
2016-02-05 08:03 - 2003-12-03 13:35 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-04 22:48 - 2003-12-03 13:35 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-04 19:33 - 2014-09-08 04:06 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-02-04 14:18 - 2003-12-03 13:35 - 00000000 ____D C:\Documents and Settings\Administrator
2016-02-04 14:12 - 2014-07-12 23:11 - 00000000 ____D C:\WINDOWS\pss
2016-02-04 14:07 - 2015-07-01 00:11 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\dvdcss
2016-02-02 12:36 - 2013-10-20 12:42 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-02 00:26 - 2016-01-12 22:55 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Taxes 2015
2016-02-02 00:26 - 2015-05-03 18:14 - 00010169 _____ C:\Documents and Settings\Eduardo\My Documents\Pasds.xlsx
2016-01-27 22:18 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\Adobe
2016-01-27 22:17 - 2014-08-11 07:36 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\Adobe
2016-01-27 22:13 - 2003-12-04 14:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-27 22:12 - 2003-12-04 14:06 - 00000000 ____D C:\Program Files\Adobe
2016-01-27 21:55 - 2014-12-20 23:31 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Taxes 2014
2016-01-26 23:45 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\AdobeUM
2016-01-26 00:14 - 2014-10-22 22:37 - 00000000 ___HD C:\Documents and Settings\Eduardo\My Documents\_gsdata_
2016-01-26 00:13 - 2003-12-03 13:30 - 00000000 ____D C:\WINDOWS\Registration
2016-01-26 00:02 - 2014-11-18 23:04 - 00009876 _____ C:\Documents and Settings\Eduardo\My Documents\PC_Vehicle Service Log.xlsx
2016-01-25 01:21 - 2014-09-04 14:16 - 00000000 ___HD C:\_gsdata_
2016-01-25 00:39 - 2016-01-15 00:12 - 00010831 _____ C:\Documents and Settings\Eduardo\My Documents\2016 To do List.xlsx
2016-01-21 10:10 - 2015-01-20 09:11 - 00011630 _____ C:\Documents and Settings\Eduardo\My Documents\Active Household Services Comments History.xlsx
2016-01-20 00:00 - 2014-03-21 00:25 - 01689262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1460116308-3133659490-1814570806-1004-0.dat
2016-01-20 00:00 - 2014-03-21 00:25 - 00291142 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-01-19 22:43 - 2015-03-31 21:20 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Einstein Papers
2016-01-19 22:43 - 2014-10-22 21:42 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Citibank Dispute
2016-01-19 22:43 - 2014-10-22 21:36 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Ameritrade IRA docs
2016-01-19 22:42 - 2015-11-27 20:59 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Lego
2016-01-19 22:42 - 2015-01-06 22:37 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\TEMP
2016-01-19 22:42 - 2014-10-22 22:08 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Real Estate Sales Associate License Coursework
2016-01-19 22:42 - 2014-10-22 21:50 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Geico Claim
2016-01-19 22:42 - 2014-09-25 22:08 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Open Requests
 
==================== Files in the root of some directories =======
 
2013-10-20 12:34 - 2016-02-16 14:29 - 0114688 _____ () C:\Documents and Settings\Eduardo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-20 12:34 - 2013-10-23 00:23 - 0000130 _____ () C:\Documents and Settings\Eduardo\Local Settings\Application Data\fusioncache.dat
2015-06-11 22:26 - 2015-06-11 22:26 - 0001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
Some files in TEMP:
====================
C:\Documents and Settings\Eduardo\Local Settings\Temp\avg-ab940609-2b26-4a2c-a5ab-1718ad026e53.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\i4j5410869995716538744.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\iExplorer_Setup_3510.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\mny66A.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\vlc-2.2.1-win32.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7dfda56e.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Eduardo (2016-02-16 23:09:07)
Running from C:\Documents and Settings\Eduardo\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-10-20 17:33:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1460116308-3133659490-1814570806-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1460116308-3133659490-1814570806-1005 - Limited - Enabled)
Eduardo (S-1-5-21-1460116308-3133659490-1814570806-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Eduardo
Guest (S-1-5-21-1460116308-3133659490-1814570806-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1460116308-3133659490-1814570806-1003 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1460116308-3133659490-1814570806-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Premiere 6 LE (HKLM\...\Adobe Premiere 6 LE) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AOL Setup (HKLM\...\AOL Setup) (Version:  - )
Apache HTTP Server 2.2.25 (HKLM\...\{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}) (Version: 2.2.25 - Apache Software Foundation)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS ATI Driver (Version: 4.0 - ASUSTek) Hidden
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Catalyst Control Center (HKLM\...\{F003CD43-85AF-4643-BC8D-3C170830827D}) (Version: 1.2.2267.28694 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5069 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24-060317a1-032372C-Asus - )
ATI Parental Control & Encoder (HKLM\...\{90437E5F-0A9E-4B63-AD8B-D232897D18BF}) (Version: 3.0 - ATI Technologies Inc.)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4530 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brorsoft DVD Ripper Ver 1.4.0.5345 (HKLM\...\{33CA6560-19AE-45c3-A4D1-48EC122A5C18}_is1) (Version:  - )
Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - Canon Inc.)
Click to DVD 1.3.01 (HKLM\...\{7C2F71B2-6C73-11D6-B659-00C04F790F76}) (Version:  - )
Click to DVD Themes (HKLM\...\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}) (Version:  - )
Drag'n Drop CD+DVD (HKLM\...\{DDC146FA-73E0-4FA1-A353-841EA14BF600}) (Version:  - )
DVgate Plus (HKLM\...\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}) (Version:  - )
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Folder Size 3.4.0.0 (HKLM\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.2.3.5 - Siber Systems)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
iExplorer 3.5.1.0 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD 5 for VAIO (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.101 - InterVideo Inc.)
IP Camera (HKLM\...\IP Camera) (Version:  - )
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Logitech Media Server 7.7.3 (HKLM\...\Logitech Media Server_is1) (Version: 7.7.3 - Logitech)
Managed DirectX (0901) (Version: 4.09.00.0901 - Microsoft) Hidden
Memory Stick Formatter (HKLM\...\{27337663-2619-11D4-99DC-0000F49094C7}) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
MoodLogic (HKLM\...\MoodLogic) (Version:  - )
Movielink eHome version 1.1 (HKLM\...\Movielink eHome_is1) (Version:  - )
Mozilla Firefox (3.6.28) (HKLM\...\Mozilla Firefox (3.6.28)) (Version: 3.6.28 (en-US) - Mozilla)
Music Visualizer Library 1.4.00 (HKLM\...\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}) (Version:  - )
Netscape (7.02) (HKLM\...\Netscape (7.02)) (Version:  - )
No-IP DUC (HKLM\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OpenMG Metadata Extractor for Windows Media Player (HKLM\...\{9B953606-000E-491C-B74D-78ECFDD520A0}) (Version: 1.0.00.09120 - )
OpenMG Secure Module 3.3.01 (HKLM\...\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}) (Version:  - )
PictureGear Studio 2.0 (HKLM\...\{88DA0A52-3372-4803-971A-ADFB961707E8}) (Version:  - )
QNAP myQNAPcloud Connect (HKLM\...\myQNAPcloud Connect) (Version: 1.2.2.0817 - QNAP Systems, Inc.)
QNAP NetBak Replicator (HKLM\...\NetBak) (Version: 4.5.0.0209 - QNAP Systems, Inc.)
QNAP Qfinder (HKLM\...\QNAP_FINDER) (Version: 5.0.2.0806 - QNAP Systems, Inc.)
Quicken 2004 (HKLM\...\InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}) (Version: 13.00.0000 - Intuit)
Quicken 2004 (Version: 13.00.0000 - Intuit) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAIDar 4.3.8 (HKLM\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
RealOne Player (HKLM\...\RealPlayer 6.0) (Version:  - )
Screenblast ACID 4.0 (HKLM\...\{91A0C8FB-8152-450B-B27D-2DDCD81C9E46}) (Version: 4.0.44 - Screenblast)
Screenblast Sound Forge 1.1 (HKLM\...\{5DF4AA9A-4F53-499C-977B-6CD216B574A5}) (Version: 1.1.18 - Screenblast)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Softsqueeze 3.9b2 (HKLM\...\Softsqueeze 3.9b2) (Version:  - Ralph Irving)
SoftV92 Data Fax Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_8181104D) (Version:  - )
SonicStage 1.6.00 (HKLM\...\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}) (Version:  - )
SonicStage Mastering Studio 1.1 (HKLM\...\{BF3B304B-8A18-452D-A19F-6012CA8418D7}) (Version:  - )
SonicStage Mastering Studio Plugins 1.0 (HKLM\...\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}) (Version:  - )
SonicStage MP3 Add-on program (HKLM\...\{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}) (Version:  - )
Sony Certificate PCH (HKLM\...\{D0448678-1203-4158-A58F-B3D0B616BF9E}) (Version:  - )
Sony TV Tuner Library 1.0 (HKLM\...\{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}) (Version:  - )
Sony Video Shared Library (HKLM\...\{6990A2BF-D1D2-11D3-81BC-00609789C908}) (Version:  - )
Sound Blaster Audigy LS (HKLM\...\{CEB481CC-F57C-4397-81A0-DADD22257047}) (Version:  - )
VAIO BrightColor Wallpaper (HKLM\...\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}) (Version:  - )
VAIO Edit Components (HKLM\...\{761C9026-14F0-4352-8658-934558272404}) (Version:  - )
VAIO Help and Support (HKLM\...\InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}) (Version: 9.01 - Sony Electronics)
VAIO Help and Support (Version: 9.01 - Sony Electronics) Hidden
VAIO Media 2.6 (HKLM\...\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}) (Version:  - )
VAIO Media Integrated Server 2.6 (HKLM\...\{7A79D11B-FD82-4A5E-834F-20173515DD14}) (Version: 2.6.80.10211 - )
VAIO Media Redistribution 2.6 (HKLM\...\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}) (Version:  - )
VAIO Registration (HKLM\...\InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}) (Version: 10.0.0 - Sony Electronics)
VAIO Registration (Version: 10.0.0 - Sony Electronics) Hidden
VAIO Support (HKLM\...\VAIO Support) (Version:  - )
VAIO Survey Standalone (HKLM\...\InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}) (Version: 1.70 - Sony Electronics)
VAIO Survey Standalone (Version: 1.70 - Sony Electronics) Hidden
VAIO System Information (HKLM\...\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}) (Version:  - )
Viewpoint Media Player (Remove Only) (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VOB2MPG v3 (HKLM\...\{908B5359-244E-4E09-AA9F-DBF240679B46}) (Version: 3.2.2000 - BadgerIT)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Welcome to VAIO life (HKLM\...\Welcome to VAIO life) (Version:  - )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Xilisoft DVD Subtitle Ripper (HKLM\...\Xilisoft DVD Subtitle Ripper) (Version: 1.1.19.0807 - Xilisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1460116308-3133659490-1814570806-1004_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1F3BB16D-9468-D082-3B21-4AEE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1460116308-3133659490-1814570806-1004_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {5FFAED6A-9468-D082-3C7D-8BAE85889A47} => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Registration reminder 1.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\Registration reminder 2.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
Task: C:\WINDOWS\Tasks\Registration reminder 3.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)

#2 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 February 2016 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please run the Farbar tool one more time and post the fresh FRST log.
Include the Addition.txt file that was also created by the tool.

Let me know what problems persist.

#3 consigliere1975

  • Topic Starter
  • Members
  • 9 posts

Posted 19 February 2016 - 08:58 AM

Thank you for your reply. I'm including all the reports below, in addition to the network antivirus scan, which is the only software that has detected the trojan so far. I also ran Farbar, but the Addition report was not generated this time.

 

JobName = Scan1
LogLastScanTime = 2016/02/15 06:00:01
AntivirusEngine = ClamAV
 
-------------------------------------------------------------------------------
 
/Mirror/VaioOS/Program Files/Common Files/Microsoft Shared/OFFICE14/MSO.DLL: Win.Downloader.Kuluoz-36 FOUND
/Mirror/VaioOS/WINDOWS/Installer/$PatchCache$/Managed/00004119110000000000000000F01FEC/14.0.7015/MSO.DLL.x86: Win.Downloader.Kuluoz-36 FOUND
/Mirror/VaioOS/WINDOWS/Installer/$PatchCache$/Managed/00004119110000000000000000F01FEC/14.0.4763/MSO.DLL.x86: Win.Downloader.Kuluoz-36 FOUND
 
----------- SCAN SUMMARY -----------
Known viruses: 4259312
Engine version: 0.98.6
Scanned directories: 33779
Scanned files: 637686
Infected files: 3
Data scanned: 177983.83 MB
Data read: 2175058.18 MB (ratio 0.08:1)
Time: 38987.659 sec (649 m 47 s)
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/19/2016
Scan Time: 7:45:07 AM
Logfile: mbam results.txt
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.02.19.03
Rootkit Database: v2016.02.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Eduardo
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359768
Time Elapsed: 27 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v5.035 - Logfile created 19/02/2016 at 09:02:55
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Eduardo - VAIOPC
# Running from : C:\Documents and Settings\Eduardo\My Documents\Downloads\adwcleaner_5.035.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Documents and Settings\All Users\Application Data\{2f39affc-d766-b080-2f39-9affcd76bff3}
Folder Found : C:\Program Files\Viewpoint
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\WEBAPP
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1461 bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Eduardo (administrator) on VAIOPC (19-02-2016 09:22:05)
Running from C:\Documents and Settings\Eduardo\My Documents\Downloads
Loaded Profiles: Eduardo (Available Profiles: Eduardo & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\QVssService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
(Sony Corporation) C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
(Sony Corporation) C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
() C:\Program Files\QNAP\Qfinder\Qfinder.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\sndvol32.exe
() C:\Documents and Settings\Eduardo\My Documents\Downloads\adwcleaner_5.035.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2013-10-23] (ATI Technologies Inc.)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A3186F5B-F3F3-4EAF-A1D9-5A1508CCA61A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A3186F5B-F3F3-4EAF-A1D9-5A1508CCA61A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DF87B2C8-200D-4C61-8398-1737D6B0853F}: [DhcpNameServer] 43.134.195.10
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-21-1460116308-3133659490-1814570806-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.com/vaiopeople
HKU\S-1-5-21-1460116308-3133659490-1814570806-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\ss6153yw.default
FF SelectedSearchEngine: Yahoo
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.10.835 -> C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll [2003-12-04] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1136 -> C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll [2003-12-04] (RealNetworks)
FF Plugin: @real.com/nprpjplug;version=6.0.11.847 -> C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll [2003-12-04] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-06-07] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2014-07-19] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-05-29] (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2014-07-19]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2014-07-19]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\ss6153yw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2014-07-20] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-14] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2014-07-19]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2014-07-19]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2014-07-19]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2014-07-19]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Eduardo\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Eduardo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-10] (Apache Software Foundation) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-10-13] () [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 ehSched; C:\WINDOWS\ehome\ehSched.exe [84992 2003-11-12] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-11] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 QVssService; C:\Program Files\QNAP\NetBak\QVssService.exe [1618608 2015-02-09] (QNAP Systems, Inc.)
R2 SonicStageMonitoring; C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe [135168 2003-09-12] (Sony Corporation) [File not signed]
S3 Sony TV Tuner Controller; C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe [118784 2003-08-13] (Sony Corporation) [File not signed]
R3 Sony TV Tuner Manager; C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe [94208 2003-08-13] (Sony Corporation) [File not signed]
R2 Sony TVTA Manager; C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe [106496 2003-08-13] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-MusicServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe [503897 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-MusicServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-MusicServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-PhotoServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe [925696 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-PhotoServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-PhotoServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-VideoServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [1286144 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-VideoServer-HTTP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [57344 2003-10-21] (Sony Corporation) [File not signed]
R2 VAIOMediaPlatform-VideoServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [712704 2003-10-21] (Sony Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [163968 2013-10-23] (ATI Technologies Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [245168 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121344 2003-03-11] (Intel Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
U0 fgqfiata; C:\WINDOWS\System32\drivers\rfjlyajw.sys [52440 2016-02-19] (Malwarebytes)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-19] (Malwarebytes)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [681344 2003-11-19] (Creative Technology Ltd.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17232 2003-08-27] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 smrt; C:\WINDOWS\System32\DRIVERS\smrt.sys [772224 2003-12-02] (Sony Corporation)
R0 SonyLSM; C:\WINDOWS\System32\Drivers\SonyLSM.sys [4736 2003-12-19] (Sony Corporation)
S3 HSFHWICH; System32\DRIVERS\HSFHWICH.sys [X]
S3 HSF_DP; System32\DRIVERS\HSF_DP.sys [X]
S4 IntelIde; no ImagePath
R1 MpKsl56327d44; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{654F2882-D14B-4090-822E-562141B49E37}\MpKsl56327d44.sys [X]
S3 QDrive; \??\C:\DOCUME~1\Eduardo\LOCALS~1\Temp\QDrive.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 winachsf; System32\DRIVERS\HSF_CNXT.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 09:21 - 2016-02-19 09:21 - 00001540 _____ C:\Documents and Settings\Eduardo\Desktop\AdwCleaner[S1].txt
2016-02-19 09:02 - 2016-02-19 09:02 - 00000000 ____D C:\AdwCleaner
2016-02-19 08:59 - 2016-02-19 08:59 - 00052440 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\rfjlyajw.sys
2016-02-19 08:58 - 2016-02-19 08:58 - 00001066 _____ C:\Documents and Settings\Eduardo\Desktop\mbam results.txt
2016-02-18 23:21 - 2016-02-19 07:45 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-18 23:19 - 2016-02-18 23:19 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-18 23:19 - 2016-02-18 23:19 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-18 23:19 - 2016-02-18 23:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-18 23:19 - 2016-02-18 23:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-02-18 23:19 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-18 23:19 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-16 23:06 - 2016-02-19 09:22 - 00000000 ____D C:\FRST
2016-02-16 21:35 - 2016-02-16 21:35 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\AVG
2016-02-16 21:33 - 2016-02-16 21:33 - 00000673 _____ C:\Documents and Settings\All Users\Desktop\AVG Protection.lnk
2016-02-16 21:33 - 2016-02-16 21:33 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\TuneUp Software
2016-02-16 21:33 - 2016-02-16 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-02-16 21:32 - 2016-02-16 21:32 - 00000000 ___HD C:\$AVG
2016-02-16 21:28 - 2016-02-16 21:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2016-02-16 21:28 - 2016-02-16 21:31 - 00000000 ____D C:\Program Files\AVG
2016-02-16 21:27 - 2016-02-19 04:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-02-16 21:27 - 2016-02-16 21:35 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\Avg
2016-02-16 21:27 - 2016-02-16 21:29 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\AvgSetupLog
2016-02-16 21:27 - 2016-02-16 21:27 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\MFAData
2016-02-16 21:27 - 2016-02-16 21:27 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\Avg2015
2016-02-10 14:05 - 2016-02-10 14:05 - 00009470 _____ C:\Documents and Settings\Eduardo\My Documents\Digital Storage Manager.xlsx
2016-02-07 16:25 - 2016-02-07 16:25 - 00000098 _____ C:\Documents and Settings\Eduardo\Desktop\storage management.txt
2016-02-06 00:22 - 2016-02-06 00:36 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\HSA Reimbursement
2016-02-04 19:33 - 2016-02-04 19:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Brorsoft
2016-02-04 14:18 - 2016-02-04 14:18 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-02-04 14:16 - 2016-02-04 14:18 - 00109858 _____ C:\WINDOWS\ntbtlog.txt
2016-02-03 09:14 - 2016-02-03 09:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini020316-02.dmp
2016-02-03 01:13 - 2016-02-03 01:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini020316-01.dmp
2016-02-02 12:36 - 2016-02-02 12:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini020216-01.dmp
2016-01-27 22:13 - 2016-01-27 22:18 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-27 22:13 - 2016-01-27 22:13 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2016-01-26 23:44 - 2016-01-27 22:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-01-26 00:13 - 2016-01-26 00:14 - 00000000 ___HD C:\Documents and Settings\Eduardo\_gsdata_
2016-01-22 15:13 - 2016-01-22 15:13 - 00198576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2016-01-22 00:16 - 2016-01-22 07:59 - 00009474 _____ C:\Documents and Settings\Eduardo\My Documents\Network Storage Management.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-19 09:22 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Temp
2016-02-19 09:18 - 2013-10-23 08:35 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 08:59 - 2003-12-04 13:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB828035$
2016-02-19 00:01 - 2014-06-14 11:10 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-02-18 23:21 - 2015-09-21 22:03 - 04194309 _____ C:\WINDOWS\pfirewall.log.old
2016-02-18 23:12 - 2014-09-17 07:18 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\vlc
2016-02-18 16:11 - 2003-12-03 13:34 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-02-18 12:18 - 2013-10-23 08:35 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 02:18 - 2003-12-03 13:34 - 00032440 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-17 16:17 - 2014-08-05 20:26 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\.dvdcss
2016-02-17 16:15 - 2001-12-31 23:27 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-17 15:53 - 2003-12-03 13:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-17 00:03 - 2014-07-13 09:13 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-02-17 00:03 - 2013-10-20 12:34 - 00000178 ___SH C:\Documents and Settings\Eduardo\ntuser.ini
2016-02-17 00:03 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo
2016-02-16 23:56 - 2014-11-18 21:43 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Money Exports
2016-02-16 23:55 - 2014-10-22 21:54 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Medical Bills
2016-02-16 23:49 - 2015-11-27 22:12 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Archive
2016-02-16 21:33 - 2003-12-03 05:25 - 00000000 ___HD C:\WINDOWS\inf
2016-02-16 14:29 - 2013-10-20 12:34 - 00114688 _____ C:\Documents and Settings\Eduardo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-15 23:27 - 2016-01-17 21:11 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Children Rewards System
2016-02-12 15:16 - 2014-03-20 23:52 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-02-11 09:25 - 2014-07-15 21:22 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\GoodSync
2016-02-10 14:19 - 2013-10-23 08:42 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-10 14:05 - 2013-10-20 12:34 - 00000000 ___RD C:\Documents and Settings\Eduardo\My Documents
2016-02-10 01:44 - 2014-07-13 09:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-02-10 01:44 - 2003-12-03 12:23 - 00000995 _____ C:\WINDOWS\win.ini
2016-02-10 01:42 - 2014-09-22 20:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 01:34 - 2014-09-22 20:10 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-08 15:00 - 2001-12-31 23:27 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-02-06 08:31 - 2003-12-03 12:23 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-06 00:05 - 2016-01-14 23:47 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Dependent Care Reimbursement
2016-02-05 23:34 - 2003-12-03 12:24 - 00000209 __RSH C:\boot.ini
2016-02-05 23:34 - 2003-12-03 12:23 - 00000327 _____ C:\WINDOWS\system.ini
2016-02-05 08:03 - 2003-12-03 13:35 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-04 22:48 - 2003-12-03 13:35 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-04 19:33 - 2014-09-08 04:06 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-02-04 14:18 - 2003-12-03 13:35 - 00000000 ____D C:\Documents and Settings\Administrator
2016-02-04 14:12 - 2014-07-12 23:11 - 00000000 ____D C:\WINDOWS\pss
2016-02-04 14:07 - 2015-07-01 00:11 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\dvdcss
2016-02-02 12:36 - 2013-10-20 12:42 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-02 00:26 - 2016-01-12 22:55 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Taxes 2015
2016-02-02 00:26 - 2015-05-03 18:14 - 00010169 _____ C:\Documents and Settings\Eduardo\My Documents\Pasds.xlsx
2016-01-27 22:18 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\Adobe
2016-01-27 22:17 - 2014-08-11 07:36 - 00000000 ____D C:\Documents and Settings\Eduardo\Local Settings\Application Data\Adobe
2016-01-27 22:13 - 2003-12-04 14:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-27 22:12 - 2003-12-04 14:06 - 00000000 ____D C:\Program Files\Adobe
2016-01-27 21:55 - 2014-12-20 23:31 - 00000000 ____D C:\Documents and Settings\Eduardo\My Documents\Taxes 2014
2016-01-26 23:45 - 2013-10-20 12:34 - 00000000 ____D C:\Documents and Settings\Eduardo\Application Data\AdobeUM
2016-01-26 00:14 - 2014-10-22 22:37 - 00000000 ___HD C:\Documents and Settings\Eduardo\My Documents\_gsdata_
2016-01-26 00:13 - 2003-12-03 13:30 - 00000000 ____D C:\WINDOWS\Registration
2016-01-26 00:02 - 2014-11-18 23:04 - 00009876 _____ C:\Documents and Settings\Eduardo\My Documents\PC_Vehicle Service Log.xlsx
2016-01-25 01:21 - 2014-09-04 14:16 - 00000000 ___HD C:\_gsdata_
2016-01-25 00:39 - 2016-01-15 00:12 - 00010831 _____ C:\Documents and Settings\Eduardo\My Documents\2016 To do List.xlsx
2016-01-21 10:10 - 2015-01-20 09:11 - 00011630 _____ C:\Documents and Settings\Eduardo\My Documents\Active Household Services Comments History.xlsx
2016-01-20 00:00 - 2014-03-21 00:25 - 01689262 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1460116308-3133659490-1814570806-1004-0.dat
2016-01-20 00:00 - 2014-03-21 00:25 - 00291142 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
 
==================== Files in the root of some directories =======
 
2013-10-20 12:34 - 2016-02-16 14:29 - 0114688 _____ () C:\Documents and Settings\Eduardo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-20 12:34 - 2013-10-23 00:23 - 0000130 _____ () C:\Documents and Settings\Eduardo\Local Settings\Application Data\fusioncache.dat
2015-06-11 22:26 - 2015-06-11 22:26 - 0001750 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
Some files in TEMP:
====================
C:\Documents and Settings\Eduardo\Local Settings\Temp\avg-ab940609-2b26-4a2c-a5ab-1718ad026e53.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\i4j5410869995716538744.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\iExplorer_Setup_3510.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\mny66A.exe
C:\Documents and Settings\Eduardo\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Eduardo\Local Settings\Temp\vlc-2.2.1-win32.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7dfda56e.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


#4 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 February 2016 - 09:51 AM

/Mirror/VaioOS/Program Files/Common Files/Microsoft Shared/OFFICE14/MSO.DLL: Win.Downloader.Kuluoz-36 FOUND
/Mirror/VaioOS/WINDOWS/Installer/$PatchCache$/Managed/00004119110000000000000000F01FEC/14.0.7015/MSO.DLL.x86: Win.Downloader.Kuluoz-36 FOUND
/Mirror/VaioOS/WINDOWS/Installer/$PatchCache$/Managed/00004119110000000000000000F01FEC/14.0.4763/MSO.DLL.x86: Win.Downloader.Kuluoz-36 FOUND


The MSO.DLL is part of Microsoft Office.

Program Files/Common Files/Microsoft Shared/OFFICE14/MSO.DLL


If you use Microsoft Office and have no problems, then this is a false positive.
===

If not already done, please run the AdwCleaner tool and fix everything that was found.

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-06-07] ()
U0 fgqfiata; C:\WINDOWS\System32\drivers\rfjlyajw.sys [52440 2016-02-19] (Malwarebytes)
S3 HSFHWICH; System32\DRIVERS\HSFHWICH.sys [X]
S3 HSF_DP; System32\DRIVERS\HSF_DP.sys [X]
S4 IntelIde; no ImagePath
R1 MpKsl56327d44; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{654F2882-D14B-4090-822E-562141B49E37}\MpKsl56327d44.sys [X]
S3 QDrive; \??\C:\DOCUME~1\Eduardo\LOCALS~1\Temp\QDrive.sys [X]
S3 winachsf; System32\DRIVERS\HSF_CNXT.sys [X]
C:\WINDOWS\System32\drivers\rfjlyajw.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
===

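One way to automate the first pass of the triage done by hand above on the Services/Drivers sections, as an added Python example (not FRST's own code and not from this thread): it parses lines in the shape FRST prints and flags orphaned entries ([X] or no ImagePath), unsigned or publisher-less binaries, and drivers that load from a Temp directory. The sample lines are copied from the log above; the flagging rules are this example's own heuristics, not FRST's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST prints one service/driver per line:
#   "<type><start> <name>; <image path> [<size> <yyyy-mm-dd>] (<publisher>)[ [File not signed]]"
# Orphaned entries end in "[X]" (file not on disk) or read "no ImagePath".
ENTRY_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<rest>.*)$")
FILE_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>[^)]*)\)(?P<flags>.*)$"
)

@dataclass
class Entry:
    raw: str
    state: str
    name: str
    path: Optional[str]
    publisher: Optional[str]   # "" means FRST printed an empty "()" field
    unsigned: bool             # "[File not signed]" present
    missing: bool              # "[X]": registry entry present, file absent
    no_imagepath: bool         # service key without an ImagePath value

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for non-entry lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    state, name, rest = m.group("state"), m.group("name"), m.group("rest")
    if rest == "no ImagePath":
        return Entry(line, state, name, None, None, False, False, True)
    if rest.endswith(" [X]"):
        return Entry(line, state, name, rest[:-4], None, False, True, False)
    f = FILE_RE.match(rest)
    if not f:
        return None
    return Entry(line, state, name, f.group("path"), f.group("publisher"),
                 "[File not signed]" in f.group("flags"), False, False)

def findings(e: Entry) -> List[str]:
    """Heuristic reasons (this example's own) a triager would look twice at an entry."""
    reasons = []
    if e.no_imagepath:
        reasons.append("no ImagePath")
    if e.missing:
        reasons.append("file missing ([X])")
    if e.publisher == "":
        reasons.append("blank publisher")
    if e.unsigned:
        reasons.append("unsigned")
    if e.path and re.search(r"\\temp\\", e.path, re.IGNORECASE):
        reasons.append("loads from a Temp directory")
    return reasons

def triage(log_text: str) -> dict:
    """Map service/driver name -> reasons, for every flagged line in the log."""
    out = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        r = findings(e)
        if r:
            out[e.name] = r
    return out

def orphan_lines(log_text: str) -> List[str]:
    """Raw lines of orphaned entries ([X] / no ImagePath), the form a fixlist quotes."""
    return [e.raw for e in map(parse_entry, log_text.splitlines())
            if e and (e.missing or e.no_imagepath)]

# Constructed sample: lines copied from the FRST log in this thread.
SAMPLE = r"""
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [114688 2003-10-13] () [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17232 2003-08-27] (Sonic Solutions) [File not signed]
S3 HSFHWICH; System32\DRIVERS\HSFHWICH.sys [X]
S4 IntelIde; no ImagePath
S3 QDrive; \??\C:\DOCUME~1\Eduardo\LOCALS~1\Temp\QDrive.sys [X]
"""

if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name:12} {', '.join(why)}")
```

Flagged entries are candidates for a human to review against the vendor and file, not an automatic fixlist; unsigned but legitimate old OEM drivers (as on this XP machine) will show up too.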
#5 consigliere1975

  • Topic Starter
  • Members
  • 9 posts

Posted 22 February 2016 - 12:27 AM

The computer doesn't exhibit symptoms other than the possible false positive. Here's the fixlog.txt report. Thanks.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Eduardo (2016-02-22 00:13:35) Run:1
Running from C:\Documents and Settings\Eduardo\My Documents\Downloads
Loaded Profiles: Eduardo (Available Profiles: Eduardo & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-06-07] ()
U0 fgqfiata; C:\WINDOWS\System32\drivers\rfjlyajw.sys [52440 2016-02-19] (Malwarebytes)
S3 HSFHWICH; System32\DRIVERS\HSFHWICH.sys [X]
S3 HSF_DP; System32\DRIVERS\HSF_DP.sys [X]
S4 IntelIde; no ImagePath
R1 MpKsl56327d44; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{654F2882-D14B-4090-822E-562141B49E37}\MpKsl56327d44.sys [X]
S3 QDrive; \??\C:\DOCUME~1\Eduardo\LOCALS~1\Temp\QDrive.sys [X]
S3 winachsf; System32\DRIVERS\HSF_CNXT.sys [X]
C:\WINDOWS\System32\drivers\rfjlyajw.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig => value removed successfully.
HKLM\Software\MozillaPlugins\@viewpoint.com/VMP => key not found. 
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => not found.
fgqfiata => service not found.
HSFHWICH => service removed successfully.
HSF_DP => service removed successfully.
IntelIde => service removed successfully.
MpKsl56327d44 => service not found.
QDrive => service removed successfully.
winachsf => service removed successfully.
"C:\WINDOWS\System32\drivers\rfjlyajw.sys" => not found.
EmptyTemp: => 2.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 00:16:13 ====


#6 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 February 2016 - 08:56 AM


You can send a Sample of the file to AVG for their review.

http://www.avg.com/submit-sample

===

You can set AVG to exclude the file from being scanned.
https://support.avg.com/SupportArticleView?l=en_US&urlName=How-to-exclude-file-folder-or-website-from-AVG-scanning

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 February 2016 - 08:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
