
Content.IE5


  • This topic is locked
16 replies to this topic

#1 angry@computers


Posted 25 July 2016 - 06:40 AM

Hi,

 

For some reason, JRT keeps finding files in my IE5 folder. I have no idea where this folder resides, but I'm wondering if I have an infection. Here are the FRST logs and the JRT Log...


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by KATY (administrator) on KATY-PC (25-07-2016 12:18:30)
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY (Available Profiles: KATY & Scott Woodward)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [368640 2010-01-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3820440 2016-04-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-07-21] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5686A1FF-0D44-4C69-8DC4-3CADA3EFB569}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F5DBCEB2-DE15-4010-B6F9-2E8837F1B239}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.co.uk/
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-07] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FA889BF0-F113-4780-B051-35694C2EC94C} hxxp://download.isvinternet.com/public/ISVFlashIEOnline/ISVFlashIEOnline.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-06-15] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-06-15] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-11-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Adblock Plus) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-03]
CHR Extension: (Google Search) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Gmail) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-21]
CHR Extension: (Chrome Media Router) - C:\Users\KATY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3647384 2016-04-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [336152 2016-04-21] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-06-16] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-25 12:18 - 2016-07-25 12:18 - 00013071 _____ C:\Users\KATY\Desktop\FRST.txt
2016-07-25 12:17 - 2016-07-25 12:17 - 02394112 _____ (Farbar) C:\Users\KATY\Desktop\FRST64.exe
2016-07-25 12:02 - 2016-07-25 12:02 - 01610560 _____ (Malwarebytes) C:\Users\KATY\Desktop\JRT.exe
2016-07-24 02:31 - 2016-07-24 02:31 - 01610560 _____ (Malwarebytes) C:\Users\Scott Woodward\Desktop\JRT.exe
2016-07-22 14:22 - 2016-07-22 14:23 - 00000000 ____D C:\AdwCleaner
2016-07-22 14:21 - 2016-07-25 12:07 - 00001861 _____ C:\Users\KATY\Desktop\JRT.txt
2016-07-16 14:19 - 2016-07-16 14:19 - 00000000 ____D C:\Users\Scott Woodward\AppData\Roaming\Canon
2016-07-14 18:06 - 2016-07-14 18:42 - 00000000 ____D C:\Users\KATY\Desktop\mbar
2016-07-07 11:22 - 2016-07-07 11:22 - 00000000 ____D C:\Users\Scott Woodward\Documents\iFree Skype Recorder
2016-07-07 11:22 - 2016-07-07 11:22 - 00000000 ____D C:\Users\Scott Woodward\AppData\Roaming\iFree
2016-07-07 11:22 - 2016-07-07 11:22 - 00000000 ____D C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iFree Skype Recorder
2016-07-07 11:22 - 2016-07-07 11:22 - 00000000 ____D C:\Program Files (x86)\iFree Skype Recorder
2016-07-02 14:31 - 2016-07-14 16:36 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Movies
2016-06-30 13:48 - 2016-06-30 13:48 - 00001534 _____ C:\ProgramData\ss.ini
2016-06-30 13:48 - 2016-06-30 13:48 - 00000073 _____ C:\Windows\cdplayer.ini
2016-06-30 13:48 - 2016-06-30 13:48 - 00000000 ____D C:\ProgramData\FreeRIP MP3 Converter
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-25 12:18 - 2015-04-24 14:45 - 00000000 ____D C:\FRST
2016-07-25 12:01 - 2016-06-09 13:16 - 00000426 _____ C:\Windows\Tasks\AVG-SSU_0616av_DELETE.job
2016-07-25 12:01 - 2016-06-09 13:16 - 00000342 _____ C:\Windows\Tasks\AVG-SSU_0616av.job
2016-07-25 12:01 - 2016-03-09 18:56 - 00000640 _____ C:\Windows\Tasks\AVG_SYS_TASK_0316av.job
2016-07-25 12:01 - 2016-03-09 18:56 - 00000426 _____ C:\Windows\Tasks\AVG_SYS_TASK_0316av_DELETE.job
2016-07-25 12:01 - 2015-08-21 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-25 12:01 - 2010-07-31 14:49 - 00000000 ____D C:\Users\KATY\AppData\Local\SoftThinks
2016-07-25 11:59 - 2015-08-21 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-25 11:46 - 2015-08-21 22:02 - 00000000 ____D C:\Users\Scott Woodward\Documents\REAPER Media
2016-07-25 11:12 - 2016-05-06 12:12 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Job Stuff
2016-07-25 10:52 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-25 10:52 - 2009-07-14 05:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-25 10:43 - 2015-07-03 20:10 - 00000000 ____D C:\ProgramData\MFAData
2016-07-25 10:41 - 2010-07-31 14:49 - 00000000 ____D C:\Users\KATY
2016-07-25 10:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-17 15:46 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-16 23:06 - 2015-10-09 18:49 - 00000000 ____D C:\Users\Scott Woodward\AppData\Roaming\Skype
2016-07-16 20:40 - 2009-07-14 06:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 20:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-07-16 11:34 - 2015-08-21 20:39 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Personal Info
2016-07-14 22:02 - 2013-01-15 16:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-14 18:42 - 2015-01-12 18:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-14 17:03 - 2015-08-21 20:40 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Scripts
2016-07-14 17:02 - 2015-08-21 20:40 - 00000000 ____D C:\Users\Scott Woodward\Desktop\My Documents
2016-07-14 16:58 - 2015-09-18 21:14 - 00000000 ____D C:\Users\Scott Woodward\Desktop\EP
2016-07-14 16:58 - 2015-08-21 20:40 - 00000000 ____D C:\Users\Scott Woodward\Desktop\Album
2016-07-09 16:24 - 2015-08-21 21:08 - 00000000 ____D C:\Users\Scott Woodward\AppData\Local\CrashDumps
2016-07-09 16:20 - 2015-08-21 20:55 - 00000000 ____D C:\Users\Scott Woodward\AppData\Roaming\Maize Sampler Player
2016-07-09 16:16 - 2014-07-22 18:05 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
2016-07-01 13:55 - 2011-03-29 21:28 - 00000000 ____D C:\Users\KATY\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2012-04-16 15:58 - 2012-09-08 11:04 - 0006228 _____ () C:\Users\KATY\AppData\Roaming\My Profile.xml
2010-08-09 13:52 - 2014-05-14 14:22 - 0000274 _____ () C:\Users\KATY\AppData\Roaming\wklnhst.dat
2011-08-16 16:33 - 2016-05-05 09:47 - 0005632 _____ () C:\Users\KATY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-29 21:30 - 2011-03-29 21:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-12-16 17:28 - 2013-12-16 17:28 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-06-30 13:48 - 2016-06-30 13:48 - 0001534 _____ () C:\ProgramData\ss.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-23 11:37
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by KATY (2016-07-25 12:19:15)
Running from C:\Users\KATY\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-07-31 13:49:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2882669103-2359843712-3705734191-500 - Administrator - Disabled)
Guest (S-1-5-21-2882669103-2359843712-3705734191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2882669103-2359843712-3705734191-1003 - Limited - Enabled)
KATY (S-1-5-21-2882669103-2359843712-3705734191-1000 - Administrator - Enabled) => C:\Users\KATY
Scott Woodward (S-1-5-21-2882669103-2359843712-3705734191-1004 - Limited - Enabled) => C:\Users\Scott Woodward
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Connect Add-in (HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6201 - AVG Technologies)
AVG 2015 (Version: 15.0.4477 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.4627 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6201 - AVG Technologies) Hidden
Bass Station 2.0 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.0 - Novation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP220 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series) (Version:  - )
Canon MP220 series User Registration (HKLM-x32\...\Canon MP220 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.45 - Dell)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1102.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.5.178 - Final Draft, Inc.)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
iFree Skype Recorder 6.0.18 (HKLM-x32\...\iFree Skype Recorder) (Version: 6.0.18 - iFree Skype Recorder)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scarlett Plug-in Suite 1.6 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.6 - Focusrite)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ZTE_1.2059.0.8 (HKLM-x32\...\ZTE_1.2059.0.8) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {36EB3ECE-60E3-40B0-B115-827465C3957B} - System32\Tasks\D6TRBDL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: {5753B295-55DC-4532-AA64-25F4BABB658E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6823CCA0-9B7C-4F4B-913B-0BEF31B21198} - System32\Tasks\{37D386B3-F131-48D2-9F0F-46F0E5B5FE66} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {6987ADD7-B491-4DB5-B16D-EF1CA7EDD918} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25] (Nuance Communications, Inc.)
Task: {6AA4EF4F-1140-4EAF-8683-D3FF46858E00} - System32\Tasks\AVG-SSU_0616av => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: {773DA72E-4B4A-43E9-A190-B387BE6B95F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
Task: {86CC885B-C29A-4413-8239-35CA9CF61DB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-21] (Google Inc.)
Task: {98091534-78A8-4622-9192-92F9E22D7F27} - System32\Tasks\AVG-SSU_0616av_DELETE => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: {ADC1B254-1238-4558-8383-F638604A462D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {BB10F1A7-9FEB-47F3-AD0B-32DBDC2A8DB5} - System32\Tasks\AVG_SYS_TASK_0316av_DELETE => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: {DFCEA7BE-0573-46B5-BF5B-821796504186} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F7109B76-4CA3-4AEB-B16D-8A9BAB26AF71} - System32\Tasks\{9DFCF029-FD9C-4B80-B326-909827D973B2} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.1.0.105/en/abandoninstall?page=tsProgressBar
Task: {F9E6E57C-E76A-4B89-8C4F-B6C23ED777A3} - System32\Tasks\AVG_SYS_TASK_0316av => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AVG-SSU_0616av.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: C:\Windows\Tasks\AVG-SSU_0616av_DELETE.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0316av.job => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0316av_DELETE.job => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-06-12 14:49 - 2009-07-17 02:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-06-12 14:49 - 2009-07-17 02:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-12 14:59 - 2010-07-21 16:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2016-06-16 19:00 - 2016-06-15 10:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-16 19:00 - 2016-06-15 10:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7867 more sites.
 
There are 7865 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-08-13 21:29 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2882669103-2359843712-3705734191-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\KATY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^KATY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppVodBurner => C:\Program Files (x86)\VodBurner\vodburner.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: googletalk => C:\Users\KATY\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CCE02BA2-9890-4424-BEFB-7BE1B33B1615}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{4A80FC43-40FD-41B0-8141-74E148472A36}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{C3497406-DB8E-417F-A796-176A9193FAF6}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{00AB1F7E-C188-4D46-B58A-D1BBDF63ED7D}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{DDA68FD7-29CA-4B19-B112-0B7EC38D4045}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{96199237-B018-48DE-9B17-F1E0CF156B54}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{33A56E93-BB24-4451-A987-405C1B0EE715}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{3523A8B7-FDDB-4ECD-961D-CAE550C26E1E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{EF8AD5C2-FAC9-44D8-906B-8357DA30240B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{EEF42F64-BB97-4D73-AEC3-37CD4B579826}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{659F921F-9AB9-4A3D-9234-A2BC81052E36}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1C7B341E-D8B7-4619-9614-EE3BAF843B01}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{BA940B3C-75F8-47B9-AED3-20988028D0D7}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [{3590DD73-F0A6-475F-9A36-C50371E3F996}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{48546E6C-FB21-4921-9A55-5DC7121D3202}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{0E2D4F37-A0B9-4440-9958-6EDAF898C216}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DA51260A-2B86-4EB7-AB20-C8CBE9DDFC5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B411DCAC-BC47-4C77-8EBC-28FA74E12DDE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{6A51DA75-9D76-4BAE-A5DB-813EADE3EB83}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{14497606-E5A4-4EBA-813A-3B6F846FC6A5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D5F083B2-1395-4B17-B1C5-9056D16BF48F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{F384EB4C-970A-49E7-963D-9428FDBF3AD0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{6A66ADC9-FE87-4B48-B8BF-7D388889F721}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D8DEEF92-65B9-46ED-AD1C-99B642444607}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3B8E21A6-C192-456A-A1D6-FE5D4C11BDE5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D40519CA-8423-4C6D-9B82-0CB6F90C9D21}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-07-2016 17:07:49 JRT Pre-Junkware Removal
14-07-2016 18:47:32 JRT Pre-Junkware Removal
14-07-2016 22:29:47 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.2.1.1043
14-07-2016 22:32:27 JRT Pre-Junkware Removal
14-07-2016 22:59:02 JRT Pre-Junkware Removal
16-07-2016 23:14:06 JRT Pre-Junkware Removal
16-07-2016 23:21:25 JRT Pre-Junkware Removal
17-07-2016 00:00:27 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.2.1.1043
17-07-2016 13:04:00 JRT Pre-Junkware Removal
17-07-2016 13:58:34 JRT Pre-Junkware Removal
17-07-2016 15:49:40 JRT Pre-Junkware Removal
17-07-2016 16:15:18 JRT Pre-Junkware Removal
17-07-2016 16:23:04 JRT Pre-Junkware Removal
22-07-2016 14:18:00 JRT Pre-Junkware Removal
23-07-2016 11:20:18 JRT Pre-Junkware Removal
24-07-2016 02:31:59 JRT Pre-Junkware Removal
25-07-2016 12:03:14 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2016 10:48:01 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/23/2016 01:02:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/23/2016 12:45:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/23/2016 11:38:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/22/2016 02:33:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/22/2016 12:28:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/20/2016 01:46:57 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/11/2016 09:58:11 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/09/2016 04:28:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/09/2016 04:25:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/15/2016 11:45:18 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/15/2016 11:45:17 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/14/2016 04:47:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/14/2016 04:47:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/14/2016 04:47:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/14/2016 04:47:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/14/2016 04:47:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/14/2016 04:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/14/2016 04:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/14/2016 04:47:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-01-16 13:42:59.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-16 13:42:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 4056.36 MB
Available physical RAM: 2127.66 MB
Total Virtual: 8110.93 MB
Available Virtual: 6003.28 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:128.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 63B76F8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64 
Ran by KATY (Administrator) on 25/07/2016 at 12:03:10.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8 
 
Successfully deleted: C:\Users\KATY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B8TRTOO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\KATY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5YDXQYL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\KATY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X02Y0RN1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\KATY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHLPPN0M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B8TRTOO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5YDXQYL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X02Y0RN1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHLPPN0M (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2016 at 12:06:42.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,610 posts

Posted 25 July 2016 - 07:29 PM

Hi angry@computers :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)
 
These detections by JRT are harmless. Let's take a look at one line.
Successfully deleted: C:\Users\KATY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B8TRTOO (Temporary Internet Files Folder) 
Notice the "Temporary Internet Files"? This is what these folders are, they are temporary Internet files created whenever you browse the web or establish a connection to the Internet. These are part of what you could call "temp files", or "web browser cache". They are harmless and JRT only deletes them to clean the system a bit and also delete any malicious files that could have been dropped/executed from these locations. However, you cannot say that you are infected by only getting these lines when running JRT.

I do not see anything malicious on your system, however I notice that you're running outdated software: Internet Explorer, AVG (your Antivirus) and Adobe programs for instance. Security-wise, this leaves your system open to exploits and gives a possible entry door for malware. So we'll update all that :)

Though just to do things properly, let's run a small fix with FRST to get rid of useless files (mostly files related to AVG Secure Search, a PUP), Emsisoft Emergency Kit and Malwarebytes to make sure there's nothing on your system.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    Task: {6AA4EF4F-1140-4EAF-8683-D3FF46858E00} - System32\Tasks\AVG-SSU_0616av => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
    Task: {98091534-78A8-4622-9192-92F9E22D7F27} - System32\Tasks\AVG-SSU_0616av_DELETE => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
    Task: {DFCEA7BE-0573-46B5-BF5B-821796504186} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {F9E6E57C-E76A-4B89-8C4F-B6C23ED777A3} - System32\Tasks\AVG_SYS_TASK_0316av => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
    Task: C:\Windows\Tasks\AVG-SSU_0616av.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
    Task: C:\Windows\Tasks\AVG-SSU_0616av_DELETE.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
    Task: C:\Windows\Tasks\AVG_SYS_TASK_0316av.job => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
    Task: C:\Windows\Tasks\AVG_SYS_TASK_0316av_DELETE.job => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
    
    FirewallRules: [TCP Query User{DDA68FD7-29CA-4B19-B112-0B7EC38D4045}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{96199237-B018-48DE-9B17-F1E0CF156B54}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{33A56E93-BB24-4451-A987-405C1B0EE715}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{3523A8B7-FDDB-4ECD-961D-CAE550C26E1E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
    FirewallRules: [{EF8AD5C2-FAC9-44D8-906B-8357DA30240B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    FirewallRules: [{EEF42F64-BB97-4D73-AEC3-37CD4B579826}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    
    
    C:\ProgramData\Avg_Update_0316av
    C:\ProgramData\Avg_Update_0616av
    C:\Program Files (x86)\AVG\AVG2014
    C:\Program Files (x86)\Lavasoft
    C:\program files\java\jre6
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should include:
  • Copy/pasted content of the FRST fixlog.txt;
  • Copy/pasted content of the Emsisoft Emergency Kit clean log;
  • Copy/pasted content of the Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 angry@computers

Posted 26 July 2016 - 07:51 AM

Thanks for your response Aura.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by KATY (2016-07-26 11:22:32) Run:2
Running from C:\Users\KATY\Desktop
Loaded Profiles: KATY & Scott Woodward (Available Profiles: KATY & Scott Woodward)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
Task: {6AA4EF4F-1140-4EAF-8683-D3FF46858E00} - System32\Tasks\AVG-SSU_0616av => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: {98091534-78A8-4622-9192-92F9E22D7F27} - System32\Tasks\AVG-SSU_0616av_DELETE => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: {DFCEA7BE-0573-46B5-BF5B-821796504186} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {F9E6E57C-E76A-4B89-8C4F-B6C23ED777A3} - System32\Tasks\AVG_SYS_TASK_0316av => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\Windows\Tasks\AVG-SSU_0616av.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: C:\Windows\Tasks\AVG-SSU_0616av_DELETE.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0316av.job => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0316av_DELETE.job => C:\ProgramData\Avg_Update_0316av\AVG-Secure-Search-Update_0316av.exe
 
FirewallRules: [TCP Query User{DDA68FD7-29CA-4B19-B112-0B7EC38D4045}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{96199237-B018-48DE-9B17-F1E0CF156B54}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{33A56E93-BB24-4451-A987-405C1B0EE715}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{3523A8B7-FDDB-4ECD-961D-CAE550C26E1E}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{EF8AD5C2-FAC9-44D8-906B-8357DA30240B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{EEF42F64-BB97-4D73-AEC3-37CD4B579826}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
 
 
C:\ProgramData\Avg_Update_0316av
C:\ProgramData\Avg_Update_0616av
C:\Program Files (x86)\AVG\AVG2014
C:\Program Files (x86)\Lavasoft
C:\program files\java\jre6
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6AA4EF4F-1140-4EAF-8683-D3FF46858E00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AA4EF4F-1140-4EAF-8683-D3FF46858E00}" => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0616av => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0616av" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{98091534-78A8-4622-9192-92F9E22D7F27}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98091534-78A8-4622-9192-92F9E22D7F27}" => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0616av_DELETE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0616av_DELETE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFCEA7BE-0573-46B5-BF5B-821796504186}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFCEA7BE-0573-46B5-BF5B-821796504186}" => key removed successfully
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9E6E57C-E76A-4B89-8C4F-B6C23ED777A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9E6E57C-E76A-4B89-8C4F-B6C23ED777A3}" => key removed successfully
C:\Windows\System32\Tasks\AVG_SYS_TASK_0316av => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0316av" => key removed successfully
C:\Windows\Tasks\AVG-SSU_0616av.job => moved successfully
C:\Windows\Tasks\AVG-SSU_0616av_DELETE.job => moved successfully
C:\Windows\Tasks\AVG_SYS_TASK_0316av.job => moved successfully
C:\Windows\Tasks\AVG_SYS_TASK_0316av_DELETE.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DDA68FD7-29CA-4B19-B112-0B7EC38D4045}C:\program files\java\jre6\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{96199237-B018-48DE-9B17-F1E0CF156B54}C:\program files\java\jre6\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{33A56E93-BB24-4451-A987-405C1B0EE715}C:\program files\java\jre6\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3523A8B7-FDDB-4ECD-961D-CAE550C26E1E}C:\program files\java\jre6\bin\javaw.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF8AD5C2-FAC9-44D8-906B-8357DA30240B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEF42F64-BB97-4D73-AEC3-37CD4B579826} => value removed successfully
"C:\ProgramData\Avg_Update_0316av" => not found.
"C:\ProgramData\Avg_Update_0616av" => not found.
"C:\Program Files (x86)\AVG\AVG2014" => not found.
"C:\Program Files (x86)\Lavasoft" => not found.
"C:\program files\java\jre6" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4633455 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 2725173 B
Edge => 0 B
Chrome => 8954546 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35085 B
systemprofile32 => 65960 B
LocalService => 66228 B
NetworkService => 0 B
KATY => 2707257 B
Scott Woodward => 82983 B
 
RecycleBin => 0 B
EmptyTemp: => 26.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:23:38 ====
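
An added example, not part of the original posts and not FRST's own code: a small Python parser that tallies the `=>` outcome lines of a Fixlog in the format shown above, skipping the echoed fixlist and the EmptyTemp size table, and flagging any outcome wording it does not recognise. The sample text is constructed from lines of the log above; the function names and status labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: echoed fixlist plus outcome lines in the format of the Fixlog above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Task: C:\Windows\Tasks\AVG-SSU_0616av.job => C:\ProgramData\Avg_Update_0616av\AVG-Secure-Search-Update_0616av.exe
C:\ProgramData\Avg_Update_0616av
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-SSU_0616av" => key removed successfully
C:\Windows\System32\Tasks\AVG-SSU_0616av => moved successfully
C:\Windows\Tasks\AVG-SSU_0616av.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF8AD5C2-FAC9-44D8-906B-8357DA30240B} => value removed successfully
"C:\ProgramData\Avg_Update_0616av" => not found.
"C:\Program Files (x86)\AVG\AVG2014" => not found.

=========== EmptyTemp: ==========

Chrome => 8954546 B
'''

# Outcome wordings that appear in the log above, mapped to hypothetical status labels.
KNOWN_OUTCOMES = {
    "moved successfully": "moved",
    "key removed successfully": "removed",
    "value removed successfully": "removed",
    "not found.": "not_found",
}

def parse_fixlog(text):
    """Return (kind, target, status) for every fix outcome line in a Fixlog."""
    results, in_fixlist = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist      # asterisk rows fence the echoed fixlist
            continue
        if in_fixlist:
            continue                         # directives, not outcomes
        if line.startswith("=") and "EmptyTemp" in line:
            break                            # cache sizes follow, not fix outcomes
        if " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        target = target.strip('"')
        kind = "registry" if re.match(r"(?i)HK(LM|U|CU|CR)\\", target) else "file"
        # Anything not in the table is surfaced for a human to read, never guessed at.
        results.append((kind, target, KNOWN_OUTCOMES.get(outcome.strip(), "needs_review")))
    return results

def summarize(results):
    """Count outcomes per (kind, status) pair."""
    return Counter((kind, status) for kind, _, status in results)

def targets_with(results, status):
    """List the targets that ended with the given status."""
    return [target for _, target, s in results if s == status]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for key, count in sorted(summarize(parsed).items()):
        print(key, count)
    print("already absent:", targets_with(parsed, "not_found"))
```
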


#4 angry@computers

Posted 26 July 2016 - 08:05 AM

Emsisoft Emergency Kit - Version 11.0
Quarantine log
 
Date Source Event Detection
26/07/2016 13:16:20 Value: HKEY_USERS\S-1-5-21-2882669103-2359843712-3705734191-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Moved to quarantine Setting.DisableTaskMgr (A)
26/07/2016 13:16:20 Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)
26/07/2016 13:16:20 Value: HKEY_USERS\S-1-5-21-2882669103-2359843712-3705734191-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Moved to quarantine Setting.DisableRegistryTools (A)

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26/07/2016
Scan Time: 13:26
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.07.26.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KATY
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 431032
Time Elapsed: 33 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#5 Aura

Posted 26 July 2016 - 08:14 AM

Looks like the AVG folders were already gone, and only the tasks remained. The detections by EEK are standard ones, and Malwarebytes didn't detect anything, good :)

Now, let's address the issue of these out-of-date programs. Uninstall the following programs please.
  • Adobe Flash Player 11 ActiveX 64-bit - Outdated and you don't need it under Google Chrome
  • Adobe Flash Player 11 Plugin - Outdated and you don't need it under Google Chrome
  • AVG 2015 - Outdated
  • QuickTime - Apple dropped support for it on Windows and the program is now vulnerable to exploits
  • Visual Studio 2008 x64 Redistributables - Uninstall AVG before
  • Visual Studio 2010 x64 Redistributables - Uninstall AVG before
  • Visual Studio 2012 x64 Redistributables - Uninstall AVG before
  • Visual Studio 2012 x86 Redistributables - Uninstall AVG before
Now, if you wish to go back with AVG, download the installer for the new version (AVG 2016) from the link below. Make sure to opt out of any programs they offer you during the installation (AVG PC TuneUp, AVG Web TuneUp, AVG Secure Search, etc.) since these are PUPs and you don't want them on your system.

http://www.avg.com/ww-en/homepage

Once this is done, let me know :)



#6 angry@computers

Posted 26 July 2016 - 08:47 AM

Hi Aura,

I have removed everything listed.



#7 Aura

Posted 26 July 2016 - 08:58 AM

Good :) Did you reinstall AVG 2016, or not yet?



#8 angry@computers

Posted 26 July 2016 - 09:09 AM

Yes, I have reinstalled AVG 2016.



#9 Aura

Posted 26 July 2016 - 09:12 AM

Good :) Now, I see that you're still running Internet Explorer 8, while the highest version available (and the most secure one) on Windows 7 SP1 is Internet Explorer 11. Is there any reason for that? Did you try to install it in the past but weren't able to?



#10 angry@computers

Posted 26 July 2016 - 09:20 AM

I don't use Internet Explorer, only Chrome.



#11 Aura

Posted 26 July 2016 - 09:29 AM

Alright. Even though you don't use Internet Explorer, you still have to keep it updated since files it uses are also used by other programs and if they're not up to date they can be exploited :)

Before we try to install it manually, can you tell me if your Windows Updates are set to automatic install, or manual install? Are all your Windows Updates installed? The last ones should be from the beginning of this month (July).



#12 angry@computers

Posted 26 July 2016 - 11:57 AM

For some reason my computer hasn't offered to install updates for quite a few months. I normally choose it to notify me, and then I download them. 



#13 Aura

Posted 26 July 2016 - 12:00 PM

Alright. Now, if you manually click on Check for updates in the Windows Update control panel, does it return updates to install?



#14 angry@computers

Posted 26 July 2016 - 04:44 PM

It checks for updates, but never finds them. The last thing it downloaded was a security update about a year ago.


Edited by angry@computers, 26 July 2016 - 04:50 PM.


#15 Aura

Posted 26 July 2016 - 04:52 PM

So no error code at all, it just keeps on searching indefinitely?

Alright, follow the instructions below please.

System Update Readiness Tool (SURT) - Scan
Follow the instructions below to run a scan with the System Update Readiness Tool (SURT) and provide a log;
  • Download the right version of SURT for your system;
    • Your version of Windows is: Windows 7 SP1 x64
  • Once downloaded, execute the installer, and go through the installation (this process can take around 15-20 minutes);
  • On completion, a log will be created in C:\Windows\Logs\CBS\CheckSUR.log;
  • Attach this log in your next reply;
Alternatively, if these instructions are unclear for you, you can follow the tutorial below.

System Update Readiness Tool (SURT)

Edited by Aura, 26 July 2016 - 04:52 PM.
